This month we wanted to highlight cyber security, as the UK government’s National Centre for Cyber Security (NCSC) has been actively reporting an increase in hacking attempts during lockdown, including phishing and spear phishing. For example, their Weekly Threat Report from the 5th June included a focus on “Remote workers targeted by Office 365 phishing scam”, which is worth reading.
So, what is phishing?
A social engineering attack intended to acquire personal data such as login and password details or credit card/bank details. The attacker impersonates a trusted entity to trick potential victims into opening an email, IM or SMS and clicking a link. Unwittingly, the victim enters their account credentials on a fake website, or malware is installed, leading to theft of data or money or a ransom being demanded.
And what about spear phishing?
This is a personalised version, targeted at specific individuals or businesses, often electronic though increasingly by telephone – known as Vishing. The caller purports to be from a trusted entity such as your bank, internet service provider or the police. With company and personal information freely available online, convincing spear phishing campaigns are easy to create.
Protecting yourself is key
Technology such as anti-malware, website filtering, spam filtering and data backup is essential; however, don’t ignore the human element:
If you aren’t absolutely certain of the sender’s identity, don’t open an email/IM/SMS or attachment
Don’t click email links and enter your account credentials if you aren’t sure it’s genuine – fake websites can be very convincing
If you are unsure about a caller’s identity, ask for their details and say you will call back. Find the main telephone number from the company’s website and ask to be connected
You can report suspect emails directly to the NCSC by forwarding to this email address: firstname.lastname@example.org – as at June 2020 they had received more than 1,173,000 reports, resulting in the removal of 4,590 scams and 11,543 fake URLs.