5 Ways to Fall Prey to Phishing Attacks

Email is one of the most effective forms of business communication. Besides helping to maintain records for activities and projects clearly, it also provides an efficient way for multiple people to simultaneously receive activity updates.

However, email is also an easy way for cyber criminals to breach security systems and attack organisations.

Phishing scams are a common method that cyber criminals use to exploit vulnerabilities. Estimates suggest that more than 90 per cent of cyber attacks start with a phishing email [1]. This shows that many devastating attacks on organisations could have been prevented if the targeted person had realised what was happening earlier. After all, prevention is always better than cure.

While awareness of phishing attacks is increasing, even experienced and savvy users can fall victim to a well-executed attack. Unfortunately, cyber criminals are continuing to innovate, and they’re becoming ever more adept at fooling users into thinking spoof emails are real.

To help prevent this happening to your organisation, Sekuro has identified five ways your employees could be fooled by a phishing attack.

1. Spoofing

A common form of phishing attack, spoofing involves the forgery of email headers, so the email appears to have come from a reputable or familiar source. Such emails might include attached files or links that the user would not usually be suspicious of when they come from known contacts, such as supplier invoices.

2. Social Engineering

Another form of spoofing, social engineering attacks typically involve cybercriminals researching people’s relative positions in an organisation, and then sending them an email that purports to be from a senior executive instructing them to make a purchase, transfer funds, or provide sensitive information.

3. Fake Websites

Cyber criminals will often create fake websites which resemble reputable sites closely, such as a banking and finance website, and encourage users to enter their credentials. These can be supported by, or linked to, phishing emails that mimic the company’s branding.

4. Branding

As well as fake websites, cyber criminals have become exceptionally good at replicating the branding of well-known companies to fool users into thinking they’ve received a legitimate email or reached a legitimate website. They will often mimic a company’s branding in the email header and footer, making phishing emails seem legitimate.

5. Legal Threats

Cyber criminals will send phony legal notices via email to create a sense of fear or urgency, leading recipients to act precipitously by clicking on links and entering passwords. More sophisticated cyber criminals will often use these notices with a combination of branding and fake websites to make scams seem legitimate, which can make it difficult for unsuspecting users to identify cyber security threats.

To protect your business, it’s important to implement email threat protection with multiple layers of defence that combat malware, viruses, spam, phishing and advanced persistent threats. It’s also essential that all employees receive ongoing training on how to identify potential phishing scams and where to report them in the organisation.

Sekuro has outlined clear steps organisations can take to secure their email ecosystem, as well as ways to optimise online security. We identify and implement the security solutions your organisation needs to optimise its cyber security approach and protect its assets. Contact the team today for more information on how to optimise your online security!

[1] https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html
