04 October 2024
Avoid Phishing: don’t be a victim!
The threat of phishing emails remains high, even more so since COVID-19 resulted in employees adapting to work remotely from their homes or through a hybrid approach, with time divided between homes and offices. The current conflict situation involving Russia and Ukraine has further heightened the cyber threat level of associated activities.
Concept
Hackers quickly identified the opportunity to take advantage of this unprecedented situation and raised their game around attempts to hack organizations.
Employees within any organization remain its greatest asset. But they can also be its greatest security threat due to their inherent trusting nature. It is far easier to hack a human than to attack sophisticated system-based controls that may be in place.
The number of phishing emails has increased by approximately 400% globally over the past 18 months. Employees in particular remain a prime target, predominantly through clicking a link and opening a malicious attachment, providing personal or commercial data, or unknowingly sending payments to a fraudulent recipient.
Phishing emails are effective because they are quick, cheap, and easy to send and can reach millions of mailboxes within seconds. A single click or response makes it worthwhile for hackers.
Tips
Here are some useful hints and tips to watch out for when receiving an email, to help you avoid becoming the victim of a successful phishing attack:
Always assess the context of an email. Identify the sender: are you supposed to receive an email from them, or is it completely out of the blue or making an unusual request?
Be suspicious if the email purports to be from a work colleague within your organization but is marked as external.
If the sender hassles you to do something or to take an action, stop. Never feel rushed into taking an action; it’s a common tactic to hurry you into making a mistake.
Watch for an incentive to open an attachment: for example, something nice if you comply, such as a gift voucher, or something nasty if you don’t, i.e., using fear in the hope of convincing you to click a link or open an attachment.
Check that the domain name and email address are correct. Check the email properties. The sender may have replaced letters to fake a domain name, such as the use of ‘rn’ to look like an ‘m’.
Check whether the email is addressed to you personally or is just generic, e.g., “Dear Sir or Madam”. Many phishing emails are not personalized. Trust your instinct and report. Always ask for help if unsure.
Be wary of unexpected requests for money, for a change of bank details held on file, or for personal details.
Remember, genuine email accounts are also hackable. Check the content of an email if the style of a message from a contact that you know suddenly changes, i.e., the way they address you or their grammar or use of language changes, or they ask you something odd and unexpected, such as clicking a link or opening a strange and unexpected attachment.
If unsure of the legitimacy of an email purporting to be from a contact, verify its authenticity by contacting them directly via independently verified contact details, not the details displayed within the email just received! Pick up the phone and verify.
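The domain check from the tips above can also be automated on the mail side. The following is an added example, not part of the original article: it flags sender domains that imitate a trusted one, going beyond the ‘rn’ for ‘m’ case to other look-alike pairs and single replaced letters. The domain `example-marine.com`, the extra look-alike pairs and all sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the organization's genuine mail domains (constructed placeholder).
TRUSTED_DOMAINS = {"example-marine.com"}

# Look-alike sequences. 'rn' for 'm' is the case named in the article;
# the other pairs are further assumptions added for this example.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def one_letter_off(a, b):
    """True when two domains have equal length and differ in exactly one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def check_sender(from_header):
    """Classify a From: header as 'trusted', 'lookalike', 'external' or 'invalid'."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted) or one_letter_off(domain, trusted):
            return "lookalike"
    return "external"


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane@example-marine.com>",
    '"Accounts" <accounts@exarnple-marine.com>',   # 'rn' standing in for 'm'
    "IT Desk <it@examp1e-marine.com>",             # '1' standing in for 'l'
    "Crewing <crew@example-marime.com>",           # one replaced letter
    "Newsletter <news@shipping-weekly.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10} {header}")
```

A “trusted” result only means the domain matches; as noted above, genuine accounts can be hacked too, so unusual requests still need verifying by phone.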
Summary
Think before you click. Always assess the content and context of an email, and don’t feel rushed into taking an action. If in doubt, pick up the phone to verify a request with the sender, and report all suspicious emails to your organization’s IT team through the relevant channels.
See Also
New research has investigated the cases where cyberattacks in the maritime industry lead to ransom payment. Shipowners pay more than US$ 3 million on average to the perpetrators.