Phishing, Whaling, Spear Phishing – it all sounds a bit fishy to me!

As the names suggest, “phishing” is all about luring and baiting people, with the ultimate goal being to defraud a business or person of money.

Firstly, what do all of these terms even mean?

Phishing – an email designed to get a reader to click on a link or open an attachment
Spear Phishing – the message appears to come from someone inside the business, requesting you to either click on a link or open an attachment
Whaling – highly customised emails that target high profile employees (e.g. CFO) and can be difficult to detect
Vishing – a phishing attack on the phone, to obtain sensitive information

With an enormous (and increasing) number of people active online, it’s no wonder that cyber crime will continue to increase indefinitely, especially as attempts to defraud people online become more sophisticated.

Here’s the tricky part – where scam emails used to look quite obvious (send $10,000 to Nigeria, or buy a product to enlarge a certain part of your anatomy), the strategies being used to reach new victims are becoming more difficult to detect.

And we’ve seen staff at ALL levels of organisations fall prey to such scams – not just office staff, but also managers, CEOs and Managing Directors.

Plus, all the best Antivirus software and company policies won’t give you 100% protection against people clicking on a seemingly innocent or legitimate email, which has the potential to cripple your business and bring it to a standstill. We’ve seen it happen too many times, sadly.

Here are some tips to help avoid phishing and whaling. Please remind ALL of your staff of them regularly –

  • Don’t open attachments that you aren’t expecting. If you DO want to check an attachment from an unknown sender, open it on a device not connected to the network, such as an iPad or mobile phone which has Wi-Fi turned OFF.
  • Always be wary when directed to website links that you know nothing about. Simply visiting certain web pages could automatically install malware (viruses, spyware, etc) on your PC or expose you to ransomware attacks.
  • Even if the email appears to originate from someone inside the business with authority and they are currently away, consider picking up the phone and asking them if it’s genuine before you transfer any funds or click on an unexpected link. Malicious attacks can be surprisingly well disguised as seemingly innocent requests or links.

You should also make sure your Antivirus software is kept up to date, and that your firewalls (desktop, network and Human Firewall) are maintained.

If you have any questions about cyber security awareness, talk to your IT engineer or give us a call.

 

Carley Nicholson, General Manager, Outsource IT
