Thanks to the power of social engineering, phishing remains a powerful method of hacking organizations. Reducing this risk, therefore, is crucial.

Phishing has been active since the early days of the internet and, unfortunately, it doesn’t appear to be going anywhere soon. Thankfully, you don’t have to fall victim to these deceptive attacks as there is plenty that any organization can do to protect its data. And, don’t worry, it doesn’t involve investing millions in state of the art technology. All it takes is a little bit of common sense and an understanding of how phishing attacks work.

To get you started we’re going to show you how to reduce the risk of phishing attacks.

Antivirus Software is Key

One of the best ways to reduce phishing emails is by working with antivirus software. Capable of scanning attachments and analyzing links contained within emails, a good antivirus software can easily target the two main ways that phishing attacks unleash their payload. However, as with all software, it’s important that you update it regularly and install updates immediately. Phishing attacks can spread round the world very quickly, so you need to stay one step ahead of them.

Keep Up to Date with Phishing Attacks

Hackers are constantly developing their techniques and tweaking their methods, so it’s vital that you keep an eye on what’s happening in the world of phishing. New attack methods can be launched very quickly and be in your inbox within a day, so make sure that you’re regularly monitoring IT news sources to prepare yourself for any incoming threats.

Educate Your Employees

The main targets of any phishing attack against your organization will be your employees, so they have to be educated in order to prevent any data breaches. The basics of phishing are relatively simple, so the training doesn’t need to be too in-depth. All you have to do is ensure that these basics are hammered home so that employees know how to spot a phishing email and how to deal with it.

Practice Phishing Attacks

A popular method for reducing the risk of phishing attacks is by running regular exercises to test your employees. For example, fake phishing emails can be randomly emailed to your employees that test whether they are susceptible to phishing scams or not. Usually, these emails will contain a fake link that urges them to complete something on behalf of the company – such as IT training – but the actual URL contained will be a ‘malicious’ one. Those employees that fail to spot the ‘malicious’ link can then be asked to take a refresher training course.

Combine All Your Preventative Methods

The key to reducing the risk of phishing attacks is by combining all of the above into one multi-faceted security approach. An amazing antivirus software solution, for example, isn’t effective enough on its own. Instead, you need a firm knowledge of the phishing landscape, amazing employee training and regular tests to guarantee that you can tackle phishing on all fronts.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


You’ve read the headlines and you may even have been a victim of phishing, but what is it and how does it work?

Phishing is a highly dangerous form of hacking which can compromise sensitive data and cause significant disruption to the running of a business. One of the main reasons that phishing has become such a successful method of wreaking digital havoc is down to a lack of knowledge on the behalf of PC users. While phishing is far from the most complex hacking technique, the average PC user is unlikely to know the ins and outs of phishing.

As we know that time and productivity is a valuable asset for your organization, we’re going to take a look at the basics of how phishing works.

What is Phishing?

Let’s get one thing straight, phishing is nothing like sitting by a lake and peacefully fishing. In fact, it’s far from enjoyable, but there is one element that remains the same. And that’s the use of bait. You see, phishing thrives upon the use of bait to obtain information out of an innocent party. The most common way to phish, in the digital landscape, is through an email. And, within this email, will be a piece of bait with which the hackers plan to land a prize catch.

Leaving the world of fishing behind, a phishing email is one which uses a number of deceptive techniques to extract sensitive data such as login details, bank details or even secure data such as customer database spreadsheets etc. Essentially, phishing is one big con and, as with all cons, gaining the trust of the victim is crucial to success. That’s why hackers are so keen to appear genuine when they send their phishing emails.

The classic example of a phishing email is one that claims to have been sent from a bank to verify your login details. A scare tactic will usually be employed, such as a report of unusual activity on the account, in order to encourage a swift response which foregoes any rational thought. A link will be included in the email which the user is advised to click in order to go through a series of security checks. However, clicking this link will take you to a malicious website – even if it looks genuine – where your data will be harvested to help fuel identity theft or, in extreme cases, a loss of funds.

Why Does Phishing Work?

You may be wondering why people fall for phishing scams and the simple truth is that it’s down to a lack of concentration and analysis. Phishing takes advantage of these weaknesses on both individuals and security software. By planting a seed of trust, such as promising to safeguard your personal data, the hacker can, in fact, do the complete opposite and use this trust to harm you.

Key to successful phishing emails is the use of social engineering to convince recipients that the emails are genuine. Phishing emails will be packed full of official company logos and it’s even possible for hackers to spoof official email addresses in the From: section of an email. And, for people busy at work, it’s easy for them to take their eye off the ball for just a fraction of a second. As a result, links are clicked that shouldn’t be clicked and hackers land their prize catch.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Phishing is now so prevalent and sophisticated that even the biggest organizations on the planet are likely to be duped by phishing scams.

Immunity from such attacks is a difficult privilege to secure, so any organization that wants to remain productive needs to understand the threats out there. While you would expect most phishing attacks to target smaller, less secure organizations, this couldn’t be further from the truth. Instead, many hackers are taking on high profile organizations due to the challenge on offer and the publicity that such attacks bring.

Understanding how these businesses have been phished is crucial as it helps you to understand exactly why you need good security. To provide you with a foundation of knowledge, we’re going to look at some high profile organizations that have been phished.

Facebook and Google

Two of the biggest names in business on the planet, Facebook and Google found themselves at the center of the same phishing scam a couple of years ago.

Evaldas Rimasauskas, from Lithuania, used a simple phishing campaign whereby he posed as the head of a Taiwanese parts manufacturer called Quanta. Key to this scam was that Facebook and Google both used the genuine Quanta company to conduct business with. Through a combination of compromised emails, forged invoices and a lack of suspicion on the two tech giants’ behalf, around $100 million was paid out to Rimasauskas between 2013 – 2015.

Anthem

Anthem is one of the largest health insurance companies in the US and, as you can imagine, they hold a substantial amount of private and confidential data. However, in 2014 they lost nearly 78.8 million consumer records due to a phishing attack.

It’s believed that a foreign government was behind the attack, but the method employed was still ridiculously straightforward. An employee at an Anthem subsidiary opened a phishing email which allowed malicious content to be downloaded to the employee’s PC. Once these files were executed, hackers were able to take control of the PC by remote access and start making their way deep into the Anthem network. One of the sections that were of most interest was Anthem’s data warehouse where the hackers had access to customers’ medical histories, social security numbers and address details.

Snapchat

The popular social media app Snapchat found one of its employees being targeted by a spear phishing scam in 2016 which compromised confidential data.

A seemingly innocuous email was sent to Snapchat’s payroll department in February 2016 which claimed to have been written by the company’s CEO. The email requested that employee payroll information was forwarded on for internal reference. Unfortunately, one of the payroll employees did not realize this was a less than genuine request. A significant amount of personal information about former and current employees was then emailed to an external party. Due to the nature of the data obtained, hackers then had the potential to use it to engineer identity theft.

RSA Security

Even IT security companies aren’t safe from the threat of phishing emails as RSA security discovered back in 2011.

Hackers designed two separate emails which were sent to four employees at RSA’s parent company EMC. The emails, which appeared to be from a recruitment website, contained an attachment referred to as ‘2011 Recruitment plan.xls” in the email’s subject line. However, this was a malicious attachment and, upon clicking it, a zero-day vulnerability in Adobe Flash would be exploited and lead to the download of a backdoor virus onto the user’s PC. The hackers were then able to access RSA’s network where they had access to 44 million employee records.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Phishing is big business for hackers and you can rest assured that it’s a niche they’re keen to exploit, but how do you know when you’re being phished?

Kaspersky Lab reported around 246 million phishing attempts being executed in 2017, so it’s fairly clear that phishing is taking place on a monumental scale. And, to provide a little perspective, those 246 million phishing attempts are only the ones that were picked up by Kaspersky’s software. If you factor in all the other security providers’ data then you’re left with a staggering amount.

Phishing, therefore, is something that you’re likely to encounter and, the truth is, your organization is likely to receive a significant number of phishing emails every day. Thankfully, protecting your business from the dangers of phishing emails is relatively easy. And, to help boost your defenses, we’re going to show you four ways to tell if you’re being phished.

1.  Analyze the Email Address

While it’s straightforward to mask an email address with a false one, many hackers simply don’t bother. And that’s why you’re likely to find that most phishing emails are sent from unusual email addresses. Say, for example, you receive an email from your bank asking you to provide sensitive information regarding your account, it’s not going to come from a Hotmail address, is it? However, many people fail to check the sender’s email address and, instead, become distracted by the seemingly genuine contents.

2.  How’s the Grammar?

A tell-tale sign of a phishing email is poor grammar and even worse spelling. Hackers, after all, aren’t too bothered about honing their command of the written word. All they want to do is hack and hack big. Accordingly, their emails will fail to contain the type of language you would expect to receive from a work colleague or another organization. So, remember: if they can’t spell your name in their opening introduction then you should be highly suspicious.

3.  Did You Ask For Those Attachments?

Hackers love to catch their victims out with attachments that contain a nasty payload, so any attachments should always be treated with caution. Sometimes these attachments can be easily identified as malicious, but it’s not always simple. First of all, ask yourself whether the attachment is relevant to your job. If you work in the service department and you’ve been sent a spreadsheet relating to company finances then there’s no need for you to open it. Secondly, keep an eye out for file extensions you don’t recognize as opening these could easily lead to executing malware.

4.  Deceptive Links

One of the main objectives of a phishing email is to take the recipient away from the security of their PC and onto dangerous websites which are riddled with malware. And the best way they can do this is through the use of a deceptive link. While a link may look genuine on the surface, it can easily direct you somewhere else altogether. The best way to verify a link’s true destination is by hovering your mouse cursor over the link to reveal the true URL address.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Phishing emails are the scourge of our inboxes and there seem to be more and more each week, so what should you do when you receive a phishing email?

The aim of phishing emails is for the sender of said emails to obtain sensitive information from the recipient. This goal is realized by cleverly disguising the email to make it look as genuine as possible and, therefore, gain the recipient’s trust. Data targeted by phishing emails usually relates to sensitive details including login details and passwords. And this data leakage can cause serious harm to businesses with the average cost of a phishing attack on a medium sized business costing around $1.6 million.

No organization that wants to remain productive and competitive wants to deal with the chaos of a phishing attack, so we’re going to take a look at what you should do when you receive a phishing email.

Do Not Open Phishing Emails

The best way to avoid the dangers of phishing emails is very simple: Don’t open them! This, of course, is easier said than done as phishing emails have become incredibly sophisticated over the years e.g. spoofing email addresses. However, if for any reason whatsoever you do not recognize an email address or there’s something unusual about the email subject then it’s always best to err on the side of the caution. Instead, move the cursor away and get your IT team to investigate it before going any further.

Leave Links Well Alone

Opening a phishing email isn’t enough, on its own, to activate the malicious payload, but it’s very simple to do so. Phishing emails often contain links which, once clicked, send the user to malicious websites where malware is automatically downloaded to the user’s PC. This malware is usually very discreet and is able to run silently in the background where it is able to log keystrokes or even take control of the user’s PC. So, remember: if you don’t recognize the sender of an email, it’s crucial that you never click their links.

Don’t Respond

Phishing emails will often try to gain your trust by establishing a connection, so you need to be mindful of these deceptive tactics. By hitting the reply button, for example, you’re demonstrating to the hacker that not only is your email account active, but that you’re willing to engage. And, if a phone number is provided, never ever ring it as it will involve further social engineering and potentially a very high phone charge to a premium member. It may be tempting to respond, but always say no and move away from engaging.

Report the Email

Any form of hacking represents a serious threat to the security of your organization, so it should be every employee’s duty to report a phishing email as soon as possible. This allows your IT team to analyze the email and its contents before taking action. This could be as simple as deleting it securely or telling you that, actually, it’s safe to open. Ultimately, shared knowledge allows your entire organization to stay on top of phishing emails, so, even if you’ve clicked something you shouldn’t have, report it immediately.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More