Phishing expeditions on the rise
By Michael Barker
The threat from cybercrime continues to rise - with fraudsters becoming ever more devious in their efforts to take cash from unprepared businesses.
Phishing is a type of fraud in which criminals send emails claiming to be from reputable organisations such as banks.
It is becoming more common and businesses of all sizes need to be on their guard.
Not being prepared can be costly. There have been reports of one business that has recently lost more than £20,000 after falling for a phishing expedition.
There seems to be a trend with these recent emails in which the phishing email looks to be from a person known by the recipient, making them think it is legitimate. People’s details are taken from a previous victim’s Outlook contact folder.
The email suggests there is a document that needs reviewed. If the link is followed it takes the user to an email login page, this site asks for the username and password of the recipient.
When these are provided, the fraudster gain access to their contact list and sends an email, purporting to be them, to everyone on it, and so it goes on.
In one particular case the fraudster sent an email as the client to their finance team asking that some £20,000 be transferred to a new bank account.
The request was processed and the funds were transferred to the fraudster’s bank account; then passed on from there.
There are measures you can take to protect yourself from this type of fraud.
Configure accounts to reduce the impact of successful attacks by giving your employees the lowest possible level of IT privilege needed to do their job.
Train your staff to be on their guard – to look out for requests that are unusual – for example, sending a large, one-off payment to a supplier, or providing their passwords or credit card details.
Be aware of what to look out for. Although phishing emails are becoming more sophisticated, there can be warning signs such as incorrect addresses, or poorly written messages with grammatical mistakes.