Phishing a type of online scam used by fraudsters to access valuable online personal information, e.g. usernames and passwords. These can be of huge monetary value to criminals.
Phishing can take the form of emails containing website links or malicious attachments. Cybercriminals send bogus emails, instant messages, text messages – even letters – to lure their victims in. These communications can often, at first glance, appear to be authentic communications from legitimate organisations. Links embedded within an email can take you to a spoof website where your login details may be requested, stored, and ultimately misused. You also run the risk of your computer or smartphone being infected by viruses.
Once these cybercriminals have access to your personal details, they use this information to commit fraudulent activity such as bank fraud and identity theft.
Spear phishing
Spear phishing takes a more sophisticated approach. It aims to win the trust of a victim through personalized messages which appear to come from a trusted source with the aim of eliciting sensitive information to derive some form of financial gain.
As with email communications used in regular phishing expeditions, spear phishing messages are designed to look like they come from a trusted source, such as a trusted website (classic examples being eBay or Paypal). In the case of spear-phishing, however, the fraudster is likely to be someone known to the recipient, or their company.
How to spot a phising email
What can you do to protect yourself from a phishing scam?
There are a number of steps we recommend you adopt to protect yourself from this ever-growing form of cybercrime:
- Be proactive. Where personal information is requested by email/phone, never give it. Where telephone numbers/links are provided in these communications, don’t use them. Contact the organisation through their official website (look out for the “https” prefix, indicating it is secure), or listed telephone number to verify the communication is legitimate.
- Ensure your anti-virus software is up-to-date and enable your spam filter. If you are suspicious of an email, mark it as spam and delete it. This prevents future messages reaching your inbox.
- Beware of unknown sources. Don’t click on links featured in emails sent to you by a source you don’t know (and even if they’re purported to be from one that you do, be on your guard).
- Remember that your bank will never contact you via email asking for sensitive information such as passwords.
Recommended reading:
IT Security - Email Security Awareness
A colleague requested that we should have some form of IT security awareness program. So to kick start it, the first article of this topic will centered around Email Security.
Security Awareness
Security awareness is nothing but a knowledge of potential threats. Its an advantage of knowing what type of threats / security issues and number of incidents, our organization may face in day-to-day operation. It's not possible to ensure 100% security through technology, unless staffs are provided with adequate information security awareness. Personal responsibility are the key of success of any information security program.
Why Information Security
Information is a valuable asset for all kinds of business. More and more information related crimes happen. Information leakage, damage will impact business. With regards to online information, the Internet allows an attacker to attack from anywhere. Malicious code from an email, a web page or a file in USB, can infect the entire organization. A breach is often the result of a simple mistake (or lack of awareness).
Rules to Stay Safe Online
- Rule #1. Stop, Look, Think!. Use that delete key.
- Rule #2. Do I spot a Red Flag? Verify suspicious email with the sender via a different medium (e.g personal call, messaging).
- Rule #3. When in doubt, throw it out.
End User Email Security Best Practices
There are also some important best practices that end users should follow to ensure secure email usage. Arming your employees with the know-how to avoid risky behaviors can make a substantial impact on your company’s ability to reduce risks associated with email. Email security best practices for end users/employees include:
- Never open attachments or click on links in email messages from unknown senders.
- Change passwords often and use best practices for creating strong passwords.
- Never share passwords with anyone, including co-workers.
- Try to send as little sensitive information as possible via email, and send sensitive information only to recipients who require it.
- Use spam filters and anti-virus software. We know that you're busy but if a technician from Pasti Nyala came over to perform routine maintenance, do allow them to do their job.
- If you received some suspicious emails from your co-worker, do verify with them. This will alert they of possible breach of their email account.
- When working remotely or on a personal device, use VPN software to access corporate email.
- Avoid accessing company email from public wi-fi connections.
Countermeasures
Countermeasures can take the form of software, hardware and modes of behavior. Behavioral countermeasures include:
- frequent deletion of stored cookies and temporary files from Web browsers
- regular scanning for viruses and other malware
- regular installation of updates and patches for operating systems. Let Pasti Nyala technician handle this for you.
- refusing to click on links that appear within e-mail messages
- refraining from opening e-mail messages and attachments from unknown senders
- staying away from questionable Web sites
- regularly backing up data on external media.
Email Jargons
Spam email or Junk email is a form of commercial advertising which is economically viable because email is a very cost-effective medium for the sender. If just a fraction of the recipients of a spam message purchase the advertised product, the spammers are making money and the spam problem is perpetuated.
Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as bank account numbers, credit card numbers, or your login IDs and passwords. Scammers use your information to steal your money or your identity or both.
Scammers also use phishing emails to get access to your computer or network then they install programs like ransomware that can lock you out of important files on your computer.
Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies. Or they pretend to be a friend or family member.
GMAIL - Last Account Activity
If you are a user of GMAIL, open your mail box and scroll to the bottom of your mail box. On the right side, there is an information on your Last Account Activity. Click Details to show your historical access to your mail box. Perform this task occasional and report an incident if you noticed something abnormal about your activities, as someone else might be trying to hijack your email account.
Lastly, do report any abnormality or incident to our IT Support or email direct to RWS so we can investigate and perform corrective measure.
In most companies, staffs required some form of talent, usually technical talent to accomplish a task. Soft skill talents are also required to resolve certain issue for example, dealing with demanding customers, resolving complaints and so on.
However, no talent is required for staffs to comply or perform their duty as expected by the company or work policies. Below is a list of 10 things that required ZERO talent.
1. Being on time - being on time arriving at the office. being on time completing the assignment. don't give excuses of traffic jam. Wake up earlier or go to work earlier. Sleep early. Avoid mid-night lepaking. For timely assignment, don't delay.
2. Work Ethic - focus on your task and commit to complete it.
3. Effort - deliver a task with quality in mind. Sub-standard work equals partial effort.
4. Body Language - if you're genuine and honest, your body language won't lie.
5. Energy - stop wasting your energy on non-productive tasks, like mobile games, social networking, gossiping, surfing, etc.
6. Attitude - don't just promise that you are going to complete the assignment. Get it done.
7. Passion - been keen to learn and understand the business or operation.
8. Being Coachable - be open to new ideas and better way of doing things. Keep note of important tips and how-to guides.
9. Doing Extra - whenever possible, volunteer to do extra.
10. Being Prepared - plan your work. Create and update your to-do list.