"Give a man a fish, and you feed him for a day. Teach a man how to fish, and you feed him for life."
This is a great teaching and shows how we ought to impart the fundamental skills to our staff or colleagues so that they can grow their own careers.
The dark statistics
Phishing has been identified as one of the most common cyber-attacks on businesses and individuals. It involves an attacker deceiving people by email, text message, or telephone. Posing as a legitimate source, the attacker tricks users into giving out personal information such as their login credentials and credit card details. Attackers have also targeted frequently used social media platforms such as Facebook and WhatsApp in recent years.
Fig 1 : Most targeted industries, second quarter of 2020
The current COVID-19 pandemic has further aggravated the problem as more people are working remotely from home and spending more time on their devices. Once a victim is tricked into clicking on a malicious link, the attacker would be able to intercept the victim's details and gain access to secured data. For corporate networks and critical information infrastructure, this could lead to a huge data breach of sensitive information for many, resulting in a loss of reputation, finances, and consumers' trust.
According to Trend Micro's endpoint detections, ASEAN accounted for 3.7% of global malicious URLs related to the COVID-19 pandemic, equivalent to 80,000 phishing attacks during the first 9 months of 2020. Singapore was among the top 7 countries as well. (Interpol, 2021)
Between March 16 and March 17, 2021, Certis suffered a cybersecurity data breach due to a phishing attack where 62,000 emails sent to a customer service account were accessed by the attackers. Some of these emails contained sensitive information such as NRIC and credit card details that were compromised. Fortunately, Certis' customer database, which was stored elsewhere, was not compromised and they were able to continue their operations as usual.
How to identify a phishing email
Phishers are getting more and more sneaky and phishing emails sometimes even manage to trick the seasoned technology professional. Recently, a few of our staff contacted me to ask if I was looking for them. The email looked as if it was from me but it wasn't.
Spoofing a manager or owner of a company is not new and we need to stay vigilant at all times.
Here are some steps you can take to identify if the important-sounding email is real or a phishing attempt:
Fig 2: How to spot a phishing email
Source:
https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/spot-signs-of-phishing
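The manager-spoofing case described above can also be checked automatically from the message headers. The following is an added example, not part of the original post: the staff directory, names, domains and sample messages are all constructed, and the function name sender_warnings is hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed placeholder directory: display name -> genuine address.
STAFF = {"jane tan": "jane.tan@example.com"}

# Constructed sample messages (reserved example/test domains).
GENUINE = """From: Jane Tan <jane.tan@example.com>
Subject: Team meeting

See you at 3pm.
"""
SPOOFED = """From: Jane Tan <jane.tan.office@mail.test>
Reply-To: jane.tan@inbox.test
Subject: Are you available?

I need a quick favour.
"""
NAME_AS_ADDRESS = """From: "jane.tan@example.com" <billing@mail.test>
Subject: Invoice

Please see attached.
"""


def sender_warnings(raw_message):
    """Return a list of reasons the sender of a raw email looks spoofed."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = " ".join(name.lower().split()), addr.lower()
    domain = addr.rpartition("@")[2]
    warnings = []
    # 1. A colleague's name in front of an address that is not theirs.
    genuine = STAFF.get(name)
    if genuine and addr != genuine:
        warnings.append(f"'{name}' is a colleague, but the address is {addr}")
    # 2. An address typed into the display name to hide the real one.
    if "@" in name and addr not in name:
        warnings.append(f"display name shows an address other than {addr}")
    # 3. Replies diverted to a different domain than the sender's.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_addr and reply_addr.rpartition("@")[2] != domain:
        warnings.append(f"replies go to {reply_addr}, not {domain}")
    return warnings

if __name__ == "__main__":
    for sample in (GENUINE, SPOOFED, NAME_AS_ADDRESS):
        print(sender_warnings(sample))
```

An empty result only means these three header tricks were not used; a message sent from a colleague's compromised mailbox would pass all of them.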
How to prevent phishing attacks
• Distrust unusual payment requests
• Always check for grammar mistakes and the sender's email address
• Don't open attachments from unknown individuals
• Don't enter personal information on pop-up screens
• Use a security solution
• Report any suspicious activity
Source:
Summary
All in all, the occurrence of phishing attacks is inevitable and will continue to be prevalent in today's society. However, we can all play our part to remain vigilant in identifying various attack methods and protect ourselves as well as our organizations from possible data breaches. Let's break the chain and starve the hackers!
Other useful links:
https://focusdigitech.com/cybersecurity
https://focusdigitech.com/cloud