Just recently it was revealed that both Facebook and Google were victims of a sophisticated phishing attack which stole $100 Million over two years. It’s surprising that two major tech companies could fall for such a scam, but the truth is that phishing is now a big business and the criminals behind it are getting better at it every day.
What is Phishing?
Phishing is when a scammer sends out an email claiming to be from a well-known organisation in an attempt to gather personal and financial information. You typically see these emails come from banks, mail carriers etc.
Several recent phishing campaigns targeting Australians have featured precise replicas of the imitated organisation’s brand design and competent use of English, where the typical fake email might historically have been easier to identify thanks to spelling errors, poor grammar and inconsistent design.
Red Flags
Be wary of hyperlinks in emails, even if they look legitimate they could be linking to an entirely different URL.
Bad spelling and grammar can be signs of a scam email, also if the email starts with a generic greeting. However, some phishing emails are getting more sophisticated and targeted so bad spelling may not always be present.
Many phishing emails contain threats or negative consequences if action is not taken. These are usually in the form of account closure or legal action if payment is not made immediately.
Was the sender someone you don’t normally deal with, or was it out of the blue? Never click on links in an email from a sender you don’t know.
How to prevent phishing
It is important to remember that these organisations will never ask for your personal or financial information. If you suspect that an email you received is a phishing scam but you aren’t sure, contact the organisation. Make sure you independently search for their contact info, and don’t use the details provided in the email.
You should ensure your staff are trained and know how to spot a phishing email. Consider conducting phishing tests on your staff and holding regular training.
Remember to always stay vigilant about what links you click and what information you provide. It’s also important to have a working Disaster Recovery Plan in place in case everything goes belly up.