The modern world revolves around technology; without it our lives wouldn’t be as efficient as they are now. For all the importance technology holds in our working lives, there is, however, one more important ingredient in ensuring a successful workplace, and that is communication. Good communication between colleagues, suppliers, and customers alike is essential - it must be seamless and, most importantly, safe.
The ways we communicate have changed along with advances in technology. Security has become the key concern for business owners - nothing is safe anymore - and, with our forms of communication being some of the main entry points for cyber criminals into your systems, it is time to protect your communication channels.
Modern ‘safe’ communication
Phishing scams are the most popular tools today in a cyber criminal’s arsenal. The ease with which they can deliver their attack through the relatively undefended route of email is an appealing proposition for them.
Email breaches come in a variety of forms but, predominantly, involve the use of a false identity – the criminal creates false trust between them and the recipient. They do this with the intent of duping the victim into unknowingly sharing sensitive information or opening a malicious file on their computer.
The key to a successful phishing attack is, of course, deception. This falsely placed trust is used to draw the victim into clicking on a link embedded within the email, which will often load a website posing as a brand or company likely known to the email recipient. The scammers, if they are any good, will go to a lot of effort to meticulously impersonate individuals and entities that you or your team are likely to trust, knowing that, if they succeed, you will comply with their demands. They will impersonate household names such as Netflix, or a trusted government department or bank, to further exploit this trust.
While most cyber criminals want access to your systems, or to compromising and sensitive information, for financial gain, some do it purely to cause chaos.
Methods used by the Phishing scammer
The first and most important line of defence for your systems is ‘the Human Firewall’. Your team must know what to look out for if a scammer slips through the net into their inbox, and they must know the steps to follow in reporting and rectifying the attempted breach.
Your team must adopt a mistrusting attitude to every message they receive: until they can verify its legitimacy, it is a threat.
Deceptive Phishing - one of the most common forms of phishing scam - involves the cybercriminal attempting to imitate a well-known and trusted organisation. The message will be cleverly designed to push you into acting without thinking. It will convey a sense of urgency, in an attempt to panic the victim into disclosing sensitive information.
Messages such as these will often be accompanied by a redirect to a login portal designed to harvest account details - always bad news for your organisation if things get this far.
Spear Phishing is a more targeted technique in which the cybercriminal spends far more time on your business individually, rather than treating it as one target in a long list that receives the same template email. This attack is performed with a degree of background research on the victim, which allows the attacker to pose as an individual or entity known to the target personally - a risky attack that requires a lot of preparation. As we know, cybercriminals are not lazy, and will do the necessary research to really force your hand. In our open, connected world, it is easy for fraudsters to find and use an extensive amount of information from social media profiles - more than enough to imitate a trusted person well enough to sneak through undetected. Scams of this nature have a higher chance of success, as victims often think it’s unlikely that they will be targeted on an individual basis.
CEO Fraud. This method involves the scammer imitating a company CEO or other similarly high-status individual within an organisation. Again, they do their research - they use publicly sourced information about the individual they are impersonating, then communicate with company employees and ask them to perform tasks and transactions that would normally be unauthorised. The cyber criminals invent elaborate stories that coincide with normal requests in the hope that your team comply. It sounds like your team should be wiser than to fall for this, but would you disobey and slow down the boss's workday? If the source looks valid – even if the request is a little bit out of the ordinary – you probably wouldn’t think twice if it’s a direct request from the boss.
Three ways to avoid Phishing attacks
With the methods of attack that cybercriminals use always changing and evolving, your methods of defence must be just as agile and regularly revised.
Pay close attention to URLs. If you find yourself redirected to a site from an email, take a moment to look at the URL and compare it to what you would expect. Fake URLs are easy to spot when you know what you are looking for: slight misspellings, extra words, or unnecessary hyphens in the domain name are key things to look out for. Also check that the ‘top-level domain’ is as you expect. You could, for instance, be expecting ‘.com’ but instead see ‘.fr’; if this is the case, it is likely that something is not quite right. If in doubt, just close the window and make your own way to the legitimate site in the normal manner.
Know the way your bank operates and communicates with you. Many customers flooded their banks with calls when the banks first started sending out text messages, to be safe rather than sorry. Do some research about - or even contact - your bank to learn how they will contact you in the event of an emergency. (No financial establishment in the civilised world will leave you not knowing how they would communicate with you.)
Keep your private life private! We all share photos but some of us go too far. A large publicly available social media presence is a goldmine to fraudsters, who will use it to gain access to sensitive information and potentially into the inner workings of your business. Apply privacy settings and keep things like your friends list, phone numbers and your date of birth viewable only to people you know and trust. Why do people you’ve never met need to know the most intricate details of your life?
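The URL checks from the first tip above (misspellings, extra words or hyphens, and an unexpected top-level domain) can also be automated, for example in a mail filter or a reporting tool. The sketch below is an added example, not AsiaCloud's code; the function names, verdict labels and sample links are constructed for illustration, and it assumes the expected domain is given as 'name.tld'.

```python
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, expected):
    """Compare a link's host with the domain the reader expects.

    `expected` is assumed to look like 'netflix.com'. Returns one of:
    'ok', 'wrong-tld', 'extra-words', 'misspelling', 'mismatch'.
    """
    expected = expected.lower()
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == expected or host.endswith("." + expected):
        return "ok"  # the expected domain itself, or a subdomain of it
    exp_name, exp_tld = expected.rsplit(".", 1)
    # Simplification: treat the last two labels as the registered domain.
    # Real tooling should consult the Public Suffix List ('.co.uk' etc.).
    labels = host.split(".")
    name, tld = (labels[-2], labels[-1]) if len(labels) >= 2 else (host, "")
    if name == exp_name and tld != exp_tld:
        return "wrong-tld"      # right name, unexpected top-level domain
    if exp_name in name:
        return "extra-words"    # brand padded with words or hyphens
    if edit_distance(name, exp_name) <= 2:
        return "misspelling"    # one or two characters off
    return "mismatch"           # some other domain entirely

# Constructed sample links, checked against the domain the reader expects.
SAMPLES = [
    "https://www.netflix.com/login",
    "https://netflix.fr/login",
    "https://netflix-account-verify.com/",
    "https://netfl1x.com/",
    "https://netflix.com.billing-update.net/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link, 'netflix.com'):12} {link}")
```

Anything other than 'ok' means the link does not lead to the domain the reader expected and should be treated as suspect until verified another way.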
However, sometimes these precautions aren’t enough, and cyber criminals will manage to evade these measures to cause carnage on your systems. But there is a way to stop them before your team even open the email that could contain malicious links, and that is with AC360 Shield. Check out our next article to learn more about it.
Communication with AC360
AsiaCloud Solutions provides high-quality, reliable, and cost-effective Managed IT services to help your organisation succeed with IT. We offer a combination of enterprise-grade technology along with a fast, scalable, personalised service. We provide world-class IT you can rely on at affordable prices, with our specialists supporting you with a proactive service from right here in Singapore. Contact us now and find out what we can do for you.