Guide to Phishing

Even with robust technical safeguards in place, organisations are routinely breached through phishing. Phishing is the practice of disguising the source and content of a message so that it appears authentic, luring the recipient into 'taking the bait'.

More specifically, phishers try to lure the recipients of phishing emails and messages into opening a malicious attachment, clicking an unsafe URL, handing over their credentials on a legitimate-looking login page, wiring money, and so on. Phishing is also a common delivery route for malware: an attachment or download installs software that steals information or gives the attacker a foothold on the system without the user's knowledge. It is good practice to maintain staff awareness and to provide a simple mechanism (for example a dedicated mailbox or a 'report phishing' button) for staff to report suspected phishing attempts.

Phishing methods

E-mail is the most common phishing channel, but the same lures arrive via other methods: online adverts (malvertising); SMS text messages (smishing); instant messages; social networking messages and posts.

Top tips

Be wary of all emails (especially those that include attachments or links), including those apparently sent from your organisation's address or from someone in your e-mail address book. The 'From' address of an email is easily faked, and so is the display name shown next to it;

Check the ‘To’ address. Does it have your exact email address or is it slightly different? Is the email addressed to multiple recipients – particularly people that you don’t know?

Phishing messages often use “urgent” subject headers such as “Have you read this yet?” or “Important Announcement”;

Reputable companies do not ask you for passwords, logon details or other personal information by e-mail. If you receive a message from a business asking you to update your credit card details or 'verify your account', do not follow its links or reply to it;

Pick up the phone: if you are a customer of the company that apparently sent the e-mail and you are in doubt, telephone the company to verify the request, using a number from its website or your statement rather than one given in the e-mail;

Generic greetings: be wary of impersonal greetings such as "Dear User", or greetings that simply use your e-mail address ("Dear firstname.lastname@...") rather than your name;

Be wary of false links: the text of a link can say one thing while the real destination is another. Always hover your mouse pointer over a message link to see the actual website address you will be taken to. On a phone there is no hover, so long-press the link to preview it or, better, do not open it at all. Shortened links (bit.ly and similar) hide their destination entirely;

Resist going to a website from a link within an e-mail. Get into the habit of typing website addresses yourself or using a search engine;

Be vigilant of web addresses that resemble the names of well-known companies but are slightly altered, for example 'barclaysbank.com' could appear as 'barclaybank.com'. Also check which part of the address is the real domain: in 'barclays.com.example.net' the site is example.net, not Barclays, however familiar the start of the name looks;

Never click on online advertising. If a product or service looks interesting, go to the vendor's website directly by typing its address or finding it with a search engine;

Ignore offers that seem too good to be true e.g. “You have won the lottery”;

Watch out for typos or poor grammar. E-mails sent by well-known companies are almost always free of misspellings and grammatical errors. The reverse does not hold: a well-written e-mail is not evidence of legitimacy, as many phishing campaigns are now professionally worded;

Always ensure you are using a secure website when submitting credit card or personal information via the web: check the address line for https:// and the padlock. Be aware, however, that the padlock only means the connection to the site is encrypted; it says nothing about who runs the site, and phishing pages routinely use https:// too. The domain name in the address bar is what identifies the site.




The content herein is provided for your convenience and does not constitute legal advice.

Compliance Technology Solutions B.V. 2018

Russell is the author of this solution article.
