Cyber Security, SMB IT | 17 May, 2017

Don't Believe Everything You Read - Especially In Your Inbox

It’s evident that social engineering cyber-attacks, namely ‘phishing’ and ‘whaling’, have grown from small-scale issues into pre-eminent threats. Some companies targeted by such scams have lost as much as $57.6m, with the FBI estimating that whaling schemes have cost businesses $2.3bn globally in recent years.


Here's how it works: the cyber-criminal disguises themselves as a figure of authority within a company, such as a Managing Partner or CEO, and sends an email to an employee requesting a data transfer. The message will appear highly credible, come from a similar-looking domain name and be hand-typed by the criminal to avoid spam filter detection. It will usually be urgent in nature and request immediate action, leading the recipient to skip standard procedures for fear of being an annoyance to the CEO, which, let's admit, none of us want.

So, what do you do?

A lot of people in that situation don’t do their due diligence and without question adhere to the needs of the perceived ‘CEO’. Companies including Snapchat, Seagate and Weight Watchers International have all fallen victim to such attacks in recent times, with 43% of organisations surveyed by Mimecast reporting an increase in attempted sensitive data transfers involving whaling or CEO impersonation fraud in the last 3 months alone.  

“65% of IT professionals don’t feel fully equipped or up-to-date to reasonably defend against email-based attacks”.

Companies may lack the essential safeguards that deter attackers, such as data encryption, endpoint security and email gateway technology to identify suspicious email, but this begs the question - why?

Why, even in the wake of such high-profile companies being hit by phishing and whaling scams, are companies not taking note and improving their security procedures?

Here are five ways you can help guard yourself against attacks:

  1. Educate – Coach employees to recognise impersonation emails.
  2. Simulations – Send staged whaling emails to key individuals to raise awareness.
  3. Email Design – Periodically re-design email layouts and use unique identifiers.
  4. Rethink Procedures – Add extra levels of authentication, and require a second signature to trigger approval when transferring money.
  5. Pick up the phone – If in doubt, pick up the phone! If there’s been a request to transfer funds, call the company that’s requested it and get it verified.

Posted by Wayne Barber
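The red flags described above (a look-alike sender domain, an executive's name arriving from outside the firm, a Reply-To that points somewhere else, and urgent payment language) can be turned into a simple inbound-mail check. The script below is an added example, not code from the original article or from any email gateway product; the company domain, the executive roster and both sample messages are constructed for illustration.

```python
"""Flag inbound email that shows the hallmarks of CEO/whaling impersonation.

Added example, not part of the original post. The domain, executive names
and sample messages below are assumed/constructed; in practice they would
come from your own directory and mail flow.
"""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-firm.co.uk"          # assumed: your own domain
EXECUTIVES = {"jane smith", "tom brown"}        # assumed: display names of senior staff
URGENCY = re.compile(
    r"\b(urgent|immediately|asap|wire|transfer|payment|confidential)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance; small values between domains suggest a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain")


def analyse(raw):
    """Return a list of human-readable reasons the message looks like whaling.

    An empty list means none of the checks fired. Each reason maps to one
    of the warning signs in the article; a real gateway would combine these
    with authentication results such as SPF/DKIM/DMARC.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []

    # 1. Sender domain is a near-miss of our own (e.g. a digit swapped for a letter).
    if domain != COMPANY_DOMAIN and 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
        reasons.append(f"look-alike domain {domain}")

    # 2. Display name of a senior person, but the address is not ours.
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        reasons.append(f"executive name '{name}' from external domain")

    # 3. Replies would go somewhere other than the apparent sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        reasons.append("Reply-To points to a different domain")

    # 4. Pressure language typical of a fraudulent transfer request.
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    hits = sorted({m.lower() for m in URGENCY.findall(text)})
    if len(hits) >= 2:
        reasons.append("urgency/payment language: " + ", ".join(hits))
    return reasons


# Constructed sample: a whaling attempt with every warning sign present.
SUSPICIOUS = """From: Jane Smith <jane.smith@examp1e-firm.co.uk>
Reply-To: jane.smith@webmail-example.test
To: accounts@example-firm.co.uk
Subject: Urgent wire transfer

I need you to process a payment immediately. Keep this confidential.
"""

# Constructed sample: ordinary internal mail.
CLEAN = """From: Tom Brown <tom.brown@example-firm.co.uk>
To: accounts@example-firm.co.uk
Subject: Lunch

Sandwich run at 12?
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, "->", analyse(raw) or "no flags")
```

Any message that returns one or more reasons is a candidate for step 5 above: stop and verify by phone before acting. The edit-distance threshold of 2 is a starting point; tune it against your own mail so that legitimate partner domains do not trigger it.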
