Fake, spam and suspicious emails are commonly referred to as phishing emails, because the sender is trying to ‘hook and reel you in’. Phishing emails are sent to persuade and deceive you into compromising your personal data or your organisation’s security, for example by asking you to reveal passwords, company information or financial information, to transfer funds, to visit fake websites, to click on malicious links, or to open malicious files.
It used to be so easy to spot a suspicious or spam email, as it would contain spelling mistakes, be written in poor English, not be personally addressed to you, etc.
Suspicious and spam emails have become much more sophisticated and at first (and even second) glance, they may look genuine, as they will include logos, brand names, and slogans of legitimate companies.
Cyber attackers often create emails with attachments such as PDF files, Word documents and Excel spreadsheets, or with embedded links, that carry malicious and harmful software. Opening the attachment or clicking on the embedded link will likely result in malicious software running on your computer. From there, the cyber attacker will be able to gain control of your computer and can spread the malicious software to other computers on your network.
Simple tips you can use to spot phishing emails include:
If you are suspicious of an email, or the email is from an unknown or unexpected sender, you should never open the attachments or click on the embedded links. You should move any fake or suspicious emails to your ‘Spam’ or ‘Junk’ folder and report them to your IT Department.
If it transpires that the email was in fact fake or suspicious, it is good practice for the IT Department to send a notification to colleagues advising them, so that they do not fall for the bait.
If you accidentally click on an attachment or embedded link, you should immediately turn off your computer and contact your IT Department or IT Services provider, so that they can run a health check on your PC and take other appropriate actions.
‘Ransomware’ is a particularly disruptive type of malware and is commonly delivered through phishing emails with malicious attachments or malicious embedded links. The victim’s files and/or data are encrypted by the cyber attacker, with the result that the files, the data and the systems that rely on them become totally unavailable. The cyber attacker then demands a ransom payment, normally in cryptocurrency, from the victim with the promise of restoring access to their files and data. Remember that there is no guarantee that the victim’s access to their files and/or data will be restored, even after paying the ransom.
Ransomware attacks are fast becoming the most common and lucrative attack method for cybercriminals. The cyber attackers will target individuals and private sector businesses of any size. We know from media reporting that all types of business have been targeted and have fallen victim to ransomware attacks.
Awareness of the risks and the potentially damaging impact of ransomware attacks is key for an organisation when deciding on the appropriate measures to put in place, both to defend against an attack and to mitigate the consequences if, unfortunately, it does fall victim to one.
You should ensure that you have in place a tried and tested regime of regular backups. Cyber attackers commonly target backups kept online, so you should ensure that you also have backups which are kept offline.
Phishing emails are a common method used by cyber attackers as an entry point for their ransomware attacks. You should provide regular cyber security awareness training to your personnel who have access to your digital resources, so that they don’t fall victim to phishing attacks.
You should ensure that your security software and operating system are up-to-date.
You should implement robust security products to protect your system from all threats, including ransomware threats.
Finally, you should never pay the ransom to cyber attackers, as this will serve to embolden them and may even open you up to further attacks and further ransom demands. You may lose twice if you pay: you may never see your files or data again, and it is unlikely you will get your money back. It is better to have a tried and tested means of recovery in place.
If you have been the victim of a ransomware attack or demand, you should always report it to the RCIPS, as it’s a criminal offence.
Report to RCIPS Tel: 911
Passwords are still the most common way to secure our online accounts and our organisation’s computer systems and data. If a cyber attacker is able to compromise one of your organisation’s passwords, they will have access to your systems and data, so it is important that your passwords are not easy to compromise.
‘Weak password’ is the term used to describe a password that is short, contains commonly used words, or is easy to guess or figure out. Examples of weak passwords are 1234, 123456, password123, passw0rd, abc123, qwerty, the name of your pet, the name of your school or the like.
For convenience, people are generally in the poor habit of reusing the same password across multiple personal online accounts and their workplace systems. This poor practice gives the cyber attacker a ‘helping hand’: if one of your online passwords is compromised (i.e. becomes known), the cyber attacker will always try that already compromised password as part of their way into your other online accounts and workplace systems. Cyber attackers also have tools, such as specialised software programs, to automate the task of ‘cracking passwords’.
‘Strong passwords’ are more difficult for cyber attackers to compromise, even with the use of automated tools and software. Typically, a strong password is between 10 and 15 keyboard characters in length. Remember the golden rule: the longer the password, the more difficult it will be for the cyber attacker to compromise.
The trouble with ‘strong’ passwords is remembering them without having to write them down. A tip is to think of three words that are meaningful and memorable to you, and then include one or two numbers in between that are also memorable to you.
As part of a regular programme of staff awareness, staff should be advised never to reuse passwords across multiple online accounts and workplace systems. Staff awareness should also include advising staff to change their password immediately if it is suspected that it has been compromised.
If the work-place systems can enforce a regular change of passwords or a minimum password length, then these features should be enabled by the IT Department or other relevant person.
Where Two-Factor Authentication (2FA) is available, this should always be enabled on online accounts and work-place systems.
The organisation should consider implementing appropriate security systems, or enabling features in existing systems, to monitor and detect any suspicious login attempts and take appropriate action.
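As an added example that is not part of this page, the following Python script turns the password guidance above into a check: it flags the weak passwords listed on this page, anything shorter than 10 characters, common words hidden behind look-alike characters such as the 0 in passw0rd, and personal details such as a pet’s name, and it builds a password from the three-words-with-numbers tip. The word lists and sample values are constructed for the example.

```python
# Added example (not from the original page): a password check based on the guidance above.
# Constructed weak-password list, taken from the examples given on this page.
WEAK_PASSWORDS = {"1234", "123456", "password123", "passw0rd", "abc123", "qwerty"}
COMMON_WORDS = ("password", "qwerty", "abc123")   # constructed; a real list would be far longer
MIN_LENGTH = 10  # the page's guidance: 10 to 15 characters, and longer is better

def normalise(pw):
    """Undo simple look-alike substitutions so 'passw0rd' is treated as 'password'."""
    return pw.lower().translate(str.maketrans("013@$", "oleas"))

def check_password(pw, personal_words=()):
    """Return the reasons a password is weak; an empty list means it passes."""
    reasons = []
    low, plain = pw.lower(), normalise(pw)
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if pw.isdigit():
        reasons.append("digits only")
    if low in WEAK_PASSWORDS or plain in WEAK_PASSWORDS:
        reasons.append("matches a known weak password")
    for word in COMMON_WORDS:
        if word in plain:
            reasons.append(f"contains the common word '{word}'")
    for word in personal_words:  # pet name, school name and the like
        if word.lower() in low:
            reasons.append(f"contains personal detail '{word}'")
    return reasons

def three_word_password(words, numbers):
    """Build a password from the page's tip: three memorable words with one or two numbers in between."""
    if len(words) != 3 or not 1 <= len(numbers) <= 2:
        raise ValueError("use exactly three words and one or two numbers")
    parts = [words[0], str(numbers[0]), words[1]]
    if len(numbers) == 2:
        parts.append(str(numbers[1]))
    parts.append(words[2])
    return "".join(parts)

if __name__ == "__main__":
    # Constructed sample passwords; 'Rex' stands in for a pet's name the attacker could guess.
    samples = ["123456", "passw0rd", "Rex2015",
               three_word_password(["Coral", "Lantern", "Harbour"], [7, 42])]
    for candidate in samples:
        print(candidate, "->", check_password(candidate, personal_words=["Rex"]) or "ok")
```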
Cyber attackers have an abundance of tools readily available at their fingertips to create fake and malicious websites. These websites are created to exploit and compromise the unsuspecting ‘surfer’ by stealing their personal and sensitive data as well as payment card information.
These fake and malicious websites are designed to look like legitimate online business websites. They may offer to sell business-related goods at a cheaper price than the legitimate online sites, or they may have been created to lure unsuspecting people into believing that they are paying their online utility bills.
The cyber attacker may use the fake or malicious website in combination with other well-known compromise techniques, such as sending a phishing email to employees of the targeted organisation or sending utility bill payment reminders. Typically, the text of the email will be worded with a sense of urgency; for example, it may say that the business has an outstanding invoice payment past due and that you should click the link to pay your bill online to avoid service interruption. The link contained within the email, once clicked, will take the person to the fake website, which has been created to look identical to the legitimate website.
You should only use trusted and secure websites for your online transactions. One of the signs that a website is insecure is that its address starts with http://, whereas a secure website’s address starts with https://. The https means that your data will be secured with encryption when it is transferred over the internet.
Secure websites normally have a small padlock next to the web address, or the address may be highlighted in green. If these signs are not present, it may be a sign that the website is not legitimate. Note that the padlock and https only show that the connection is encrypted; a fake website can also have them, so on their own they are not proof that a website is genuine.
You should carefully check the domain name of the website. A common tactic of scammers is to create websites with addresses that are very similar in name, or similar sounding, to legitimate brands, companies or well-known online sites. You should hover your cursor over the link and read the address and domain name carefully, to check that the website address makes sense for your online shopping or online transaction.
You should watch out for poor spelling, punctuation and grammar as this could indicate that a website is not legitimate.
You should not use websites that are insecure or that require you to use unsecured methods of payment.
You should always do your research before making online purchases.
You should never click on links to access websites from within emails that arouse your suspicion or are from an unknown person or that are unexpected.
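As an added example that is not part of this page, the following Python script performs the two checks described above on a link before it is opened: whether the address uses https, and whether the domain is one the organisation trusts or merely a near-match for one. The trusted-domain list and the sample links are constructed placeholders, and the owner-level domain logic is deliberately crude (last two labels) rather than a full public suffix lookup.

```python
# Added example (not from the original page): link checks based on the website guidance above.
from urllib.parse import urlsplit

# Constructed allow-list of domains the reader's organisation actually uses (placeholders).
TRUSTED_DOMAINS = {"example-bank.com", "example-utility.ky", "example-shop.com"}

def edit_distance(a, b):
    """Levenshtein distance: the number of single-character edits that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_domain(host):
    """Crude owner-level domain (last two labels); real code would use the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_url(url):
    """Return the red flags found for a link; an empty list means none were found."""
    flags = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        flags.append("not https: data would not be encrypted in transit")
    if not host:
        flags.append("no host name in the link")
        return flags
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return flags
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) <= 2:          # similar in name to a trusted site
            flags.append(f"'{domain}' is a near-match for trusted '{trusted}'")
        elif trusted.split(".")[0] in host:              # trusted name buried in another domain
            flags.append(f"'{host}' contains the trusted name '{trusted}' but is a different domain")
    if not flags:
        flags.append(f"'{domain}' is not on the trusted list; check it before paying")
    return flags

if __name__ == "__main__":
    # Constructed sample links: one genuine, one http look-alike, one with the brand as a subdomain.
    for link in ["https://example-bank.com/login", "http://examp1e-bank.com/login",
                 "https://example-bank.com.pay-now.example/invoice"]:
        print(link, "->", check_url(link) or "no red flags")
```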