Author Stuart Barker
Remember: Think before you click.
Cyber crooks are opportunistic. They look for major events on which they can feed. They are also fast, responsive and relentless. From planned events such as Easter, Christmas or the Holidays to reactive events such as your bank being down or the place you shop online having an outage, they are there and they are ready.
Here is what phishing will look like
- You will get an email that looks like it is from your bank / website
- You will be asked to click something / open something / download something
Phishing Warning Signs
1. The NUMBER ONE WARNING SIGN: You are being asked to click something, open something or download something.
This is where the warning bells should sound. A bank / website will NEVER send an email to ask for your password or security details. A bank / website will never ask you to download something unless you have requested it.
Did you ask for the email?
Is the grammar and wording correct?
Does it ‘feel’ like a legitimate email?
Do you even bank with this bank? Use this website?
Consumers can be attacked on several fronts. One of the main strategies is phishing, which consists of spoof emails that purport to come from an online bank or shop. Users are asked to click on a link and enter their bank details. If they do, any data they enter could end up in the hands of cyber crooks.
These phishing attacks are easy for the attackers to distribute and they don’t care who they target. A common approach is to send an email that says something like:
“Your order is being processed. The total outstanding balance is £787 (inc VAT). Please click on the link below to view your order. You have 48hrs to cancel this if required.”
Obviously your immediate reaction would be to ask who has been using your card. Maybe you’ve been hacked? Your mind is screaming “CLICK THE LINK!” But wait. THIS is the hack! THIS is the scam. DO NOT CLICK THE LINK. Don’t do it. Don’t.
Take a close look at the email address. Does it look like a real address? Copy and paste the address into Google and investigate it. If you’re really concerned, contact the company (who sent you the email) and talk to them.
Think before you click.
ISO 27001 Phishing
ISO 27001 is the international standard for information security. Gaining an ISO 27001 certification shows your commitment to cyber security. As part of ISO 27001 there is a program of education and awareness for employees. Informing employees about phishing can form part of this. Make sure you regularly update and train staff on the cyber dangers.
ISO 27001 Education and awareness
Your company will have an ISO 27001 policy document that looks at education, awareness and ISO 27001 training. The standard has section A.7.2.2 that relates to Information security awareness, education and training. It states in the control that ‘All employees of the business and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organisational policies and procedures, as relevant for their job function.’