It’s a subject we have written about before, but there has been another recent flurry of Phishing emails attempting to gain people’s login details.
Phishing is the term used for an email (or other communication) in which a fraudster masquerades as a reputable organisation in an attempt to steal information or money.
Attackers make Phishing attempts against businesses of any size and in any industry – in the hope of successfully tricking at least some of the employees.
The recent examples we have seen have focussed on trying to obtain login details for email accounts, but they could also relate to online banking or other portals. The end-user is presented with a page asking them to enter their username and password. If the user does so, the fraudster will capture this information for their own use.
The fake login page is usually received as a link in an email and this bogus page can often look very similar to the genuine article.
How to avoid making a costly mistake
- Make sure your account is protected with Multi-Factor Authentication, so that the username and password alone do not allow access.
- Consider a personalised landing page for your company, and get familiar with how it looks, to help identify what is genuine.
- Consider whether the login request is unexpected. Look at the sender’s email address. If in doubt, go to your usual login place and use a familiar link, rather than responding to an external request.
- If still in doubt, refer to your IT team for advice.
For more information about protecting against Phishing, please give us a call or enter your contract details here.