It is estimated that spam emails cost businesses up to $30b a year in lost productivity, not to mention that 33% of cyber-attacks originate from phishing emails. In their recent report the Australian Cyber Security Centre (ACSC) identifies phishing as the most popular way for criminals to obtain information illegally, and most of it is done via email.
In September this year Aussies personally lost more than $250,000 to phishing scams – and that's only the victims who have come forward to report their losses.
Just this week the ACCC warned of yet another phishing scam purporting to be from Netflix, and Google estimates it blocks 18 million COVID-19 scam emails a day for its 1.5 billion users.
So, how can we combat this threat?
Today, David hosted another webinar on behalf of the College of Law's Centre for Legal Innovation along with Matthew See from WatchGuard
tackling just that issue.
The Facts
What is phishing?
Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers, or in some cases to get you to transfer them funds or purchase gift cards. As we mentioned earlier, this is most often done via email.
How to spot a Phishing email
Phishing emails often can come from an organisation you don’t even deal with. For example, we’ve been sent emails from the “Commonwealth
Bank”… but we don’t hold any accounts with them.
Brands that are commonly copied include:
- state and territory police or law enforcement (fake fine scams)
- utilities such as power and gas (fake bills and overdue fines)
- postal services (parcel pick-up scams)
- banks (fake requests to update your information)
- telecommunication services (fake bills, fines or requests to confirm your details)
- government departments and service providers such as the Australian Taxation Office.
Because of phishing, many companies now have a standard policy that they will never call, email or SMS you to:
- ask for your username, PIN, password or secret/security questions and answers
- ask you to enter information on a web page that isn't part of their main public website
- ask to confirm personal information such as credit card details or account information
- request payment on the spot (e.g. for an undeliverable mail item or overdue fee).
Key areas to watch for
- Check the email address: be sure to confirm the true sender, not just the display name.
- Look, but don’t click: hover or mouse over parts of the email without clicking on anything. If the alt text looks strange or doesn’t match what the link description says, don’t click on it.
- Check for spelling errors: attackers are less concerned about spelling or being grammatically correct.
- Is the greeting general or vague? For example “valued customer” or “Dear (insert title here)”.
- Is the email asking for personal information? Legitimate companies are unlikely to ask for personal information in an email.
- Does it create a sense of emergency? For example, the CFO needs a $1m bank transfer, or someone needs you to buy gift cards for staff rewards.
- Check the email signature: most legitimate senders will include a full signature block at the bottom of their emails.
- Be wary of enticing attachments or links: the attachment might have a really long name, a fake Excel icon when it isn’t a spreadsheet, or be a “failure notification” that you are urged to fix.
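As an added example (not from the original post, and not code from FortiTech or WatchGuard), here is a small Python script that applies the checks above to a raw email: the sender address versus the display name and Reply-To, link text versus the real link target, generic greetings, urgency wording, requests for credentials, and risky attachment names. The two sample messages, the domain names and the keyword lists are constructed for illustration; the domain comparison and the HTML link extraction are deliberately simple rather than a production-grade parser.

```python
"""Heuristic phishing-indicator check for a raw RFC 822 message.

Added example (not from the original post): it mechanises the manual checks
listed above. Domains, keyword lists and both sample messages are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: display name and link text both impersonate a brand.
PHISH_EMAIL = """\
From: "alerts@example-bank.test" <verify@examp1e-bank-login.test>
Reply-To: replies@mailbox-free.test
To: customer@example.org
Subject: Urgent: verify your account immediately
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Valued Customer,</p>
<p>Your acount will be suspended within 24 hours unless you confirm your
password at <a href="http://examp1e-bank-login.test/verify">https://www.example-bank.test/secure</a>.</p>
</body></html>
--B
Content-Type: application/octet-stream; name="Statement.xlsx.exe"
Content-Disposition: attachment; filename="Statement.xlsx.exe"

AAAA
--B--
"""

# Constructed sample of an ordinary message that should raise nothing.
BENIGN_EMAIL = """\
From: "Jane Citizen" <jane@example.org>
To: customer@example.org
Subject: Minutes from Tuesday's meeting
Content-Type: text/plain; charset="utf-8"

Hi Sam,

Attached are the notes we discussed. See https://www.example.org/notes for the full set.
"""

URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours", "act now")
CREDENTIAL_WORDS = ("password", "pin", "security question", "confirm your details")
GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".hta")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def contains_any(text, phrases):
    """Whole-word match so that 'pin' does not fire on 'shipping'."""
    return any(re.search(r"\b" + re.escape(p) + r"\b", text) for p in phrases)


def registered_domain(host):
    """Crude last-two-labels domain: www.example-bank.test -> example-bank.test."""
    return ".".join((host or "").lower().split(".")[-2:])


def analyse(raw):
    """Return the list of indicators found; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    found = []

    # 1. Sender: a display name that is itself an address on another domain, or a
    #    Reply-To that sends replies somewhere other than the apparent sender.
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    shown = re.search(r"@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_domain:
        found.append(f"display name '{display}' hides real sender domain '{from_domain}'")
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        found.append(f"Reply-To domain '{reply_domain}' differs from sender '{from_domain}'")

    body = ""
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            # 2. Attachments: executable types, or a document-looking double extension.
            if filename.lower().endswith(RISKY_EXTENSIONS):
                found.append(f"executable attachment '{filename}'")
            if filename.count(".") > 1:
                found.append(f"double extension in attachment '{filename}'")
        elif part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", errors="replace")

    # 3. Links: the visible text names one domain, the real href points at another.
    for href, text in ANCHOR_RE.findall(body):
        text_host = urlparse(text.strip()).hostname if "://" in text else None
        if text_host and registered_domain(text_host) != registered_domain(urlparse(href).hostname):
            found.append(f"link text '{text.strip()}' but real target '{href}'")

    # 4. Wording: generic greeting, urgency, and requests for credentials.
    text_only = re.sub(r"<[^>]+>", " ", body).lower()
    subject = msg.get("Subject", "").lower()
    if contains_any(text_only, GENERIC_GREETINGS):
        found.append("generic greeting")
    if contains_any(subject + " " + text_only, URGENCY_WORDS):
        found.append("urgency language")
    if contains_any(text_only, CREDENTIAL_WORDS):
        found.append("asks for credentials or personal details")
    return found


if __name__ == "__main__":
    for sample in (PHISH_EMAIL, BENIGN_EMAIL):
        print(analyse(sample) or ["no indicators"])
```

Run it directly to score both samples; the benign message returns no indicators while the constructed phishing message trips every check. Heuristics like these belong in a mail-gateway rule or a triage script for user-reported messages, alongside the filtering described in the next section, and a hit is a prompt for a closer human look rather than a verdict on its own.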
How technology can help
Spam and DNS filtering are excellent tools in the fight against spam and phishing scams. They improve security by blocking access to malicious and risky websites, prevent malware downloads from malicious websites or email attachments, keep your defences up to date with targeted threat analysis and zero-day updates so you are protected as threats arise, and all in all prevent users from accessing material that could be malicious.
With phishing attacks the number one attack vector, FortiTech can ensure your organisation's email is secure with 5 Anti-virus & Anti-spam engines, full message queuing, Outbound Filter & Message Continuity/DR webmail. If you are interested in implementing this for your organisation, simply give us a call on 1300 778 078.