The Danger of Phishing
Phishing – you’ve probably heard of it. It’s one of the most common types of cyber attacks and users are constantly warned about its dangers. It’s so prevalent, in fact, that many cloud email providers (think Gmail and Yahoo!) provide an alert within any suspicious-looking message that it may be a Phishing attempt. Commonly, users are warned about the dangers of clicking links in emails from senders they don’t know and are told not to provide passwords or input any sensitive information to a website that looks suspicious. Unfortunately, those are just some of the most common ways that attackers are now gaining access to sensitive data and materials.
The “Nigerian Prince” emails are infamous and most people receiving them know they’re a scam, but there are other ways that attackers can convince individuals to wire them funds. Email Spoofing is a type of cyber attack (and is considered Phishing) that allows a party to send an email that looks exactly as if it’s coming through a specific network using a specific username.
Unfortunately, there have been reported cases of employees receiving emails they think are being sent by their co-worker or a supervisor requesting wire transfers of funds or access to secure information. In these instances, the individual has no reason to question who is sending the email because it’s coming from an email address they recognize and from within their organization. They may question why the request is being made, but in some instances – depending on the industry and the nature of business that is regularly conducted – even a request for a large wire transfer may not raise any red flags.
Thankfully, this type of scam can be mitigated by having the appropriate anti-spam techniques in place as well as by educating your employees about the latest techniques used by these scam artists. When your organization has a Sender Policy Framework (SPF) in place, the domain owner is able to specify which computers are authorized to send mail with a sender address from that domain. This helps to stop an attacker from being able to assume the identity of someone within the organization.
For more information on ensuring that your company has the necessary security protocols in place, call us at (508) 543-6979, or click here to request a Security Assessment.
Also, check out this infographic below for more information on Phishing.
Infographic via TraceSecurity.com