Posted on 5th April 2016
Hello folks, thank you for visiting my online blog where you can find the latest cyber safety tips. If this is your first time visiting then welcome!
For this month’s cybersecurity news I will be looking at emails and how we can all take steps to protect our details from getting into the hands of cybercriminals.
Earlier this month I learnt of the sad news that the inventor of email, Ray Tomlinson, also known as the ‘father of email’ passed away at the aged of 74. This dominated headlines and made me realise how he has truly revolutionised our communications, particularly in the world of business.
Tell me, can you honestly imagine the world without email? Can you imagine a business working solely on post? You’d never get anything done just waiting for the reply.
As with many technological developments, email has also given criminals the opportunity of finding new ways to commit their crimes, as we can see from phishing and other scam emails.
Fraudsters use the method of phishing to access valuable personal details, such as usernames and passwords, by sending emails with malicious attachments or website links in order infect a computer or mobile device.
A particular type of phishing email, known as ‘spear phishing’, sees fraudsters attempting to target organisations to seek confidential data or funds. Unfortunately I have come to learn about a particular case of spear phishing involving an email appearing to be sent by the chief executive officer of a business asking staff to carry out certain requests, for example moving funds from one account to another or database access.
Emails such as this may seem like reasonable request if it is part of business routine, and let’s be honest, how many people would question their CEO or senior manager over a request, especially if it appears as business as usual?
In the past, larger companies have had financial losses and also lost valuable data after criminals used publically available information to gain knowledge of companies, including the names of senior staff members.
Some of the tell-tale signs to look out for with spear phishing cases include emails that may request urgent action and payments to be made outside of normal business protocol to secure an important contract.
Advice for avoiding this type of scam includes:
- Always check over any unusual payment requests in person or by telephone. Do not use the contact details provided on the email;
- Establish a business protocol and be sure to document internal processes around requesting and authorising payments;
- Be suspicious around any requests for payments to be made outside of the organisation;
- Treat any urgent email requesting payment or data details with caution, even if the message does appear to have originated from someone internally;
- Consider the language written in the email, ask yourself, does it read the way you have received other emails from the same sender? Does it have a different style?
The amount of opportunities created by having access to the emails system is endless, messages are sent daily for greater purposes and it’s something we seem to take for granted every day. So thank you, Ray Tomlinson, for inventing email and putting the ‘@’ symbol on the map!
If you have any cyber concerns or would like advice on an issue, let me know. It could be our next blog post.
Visit the cyberhub here for the latest Protect Yourself Online news, advice on a range of online issues such as social media safety, frauds and cyber bullying, along with upcoming virtual surgeries.
Follow me on Twitter for daily advice and information: @DigitalPCSO