editor ’ s question
?
I
phishing attacks . t ’ s often said that the only certainties in life are death and taxes . These days , a third item needs to be added to the list :
These targeted attempts to illicit personal details from unsuspecting users are growing in both number and sophistication . Cybercriminals are mounting them with the aim of either causing disruption to an organisation ’ s IT infrastructure or securing a financial gain .
When they first emerged as an attack type , phishing attempts were relatively easy to spot . The poorly written nature of the emails , often riddled with spelling mistakes and grammatical errors , made recipients regard them with suspicion and avoid any associated attachments or links .
However , cybercriminals have become much better at their craft . Today , many phishing emails are almost impossible to distinguish from real ones . They often appear to have come from a legitimate source and can be difficult to spot amid a daily email deluge .
Be ever vigilant
Today , many phishing emails are almost impossible to distinguish from real ones .
• Watch for poor grammar : While phishing emails have become more sophisticated , many still contain misspellings and errors . If a received message has glaring errors in the text , proceed with caution .
• Check the sender ’ s email address : Some phishing emails can be spotted by checking the address from which they were sent . It might be similar to a legitimate address , but slightly different . If something doesn ’ t look quite right , avoid opening the message and double-check with the apparent sender .
• Avoid clicking on embedded links : Many phishing emails contain links that take recipients to websites that contain malicious code . Think very carefully before clicking on any links in emails unless you are confident they have come from a legitimate source .
• Never download files from an unknown source : Attaching infected files to phishing emails is a popular tactic among cybercriminals . Resist the temptation to download files if they have come from an unknown sender .
• Check with your security team : If and when you receive what appears to be a phishing email , forward it to your organisation ’ s IT department for closer inspection .
By taking these steps , the chances of falling victim to a phishing attack can be significantly reduced . This means disruption can be avoided and legitimate workflows can continue .
Thankfully , there are some practical steps individuals can take to reduce their chances of falling victim to a phishing attack . They include :
• Don ’ t trust unusual requests : Some phishing emails can appear to have come from a trusted colleague or manager which can make opening them tempting . Always keep an eye out for requests that seem out of the ordinary or arrive at odd times of the day or night . If in doubt , confirm veracity of the message with the apparent sender by phone .
ANTHONY DANIEL , REGIONAL DIRECTOR – AUSTRALIA , NEW ZEALAND AND PACIFIC ISLANDS , WATCHGUARD TECHNOLOGIES
28 www . intelligentciso . com