This week, all IT Governance employees received a phishing email from what looked like the call centre that manages our incoming telephone calls.
Below is the phishing email we received:
Why this email seemed authentic
- Came from a trusted supplier from whom we receive daily emails
- Main domain of email looks believable
- Arrived in ‘Inbox’ and not ‘Junk’
- Confidentiality statement at the bottom
Why we could spot typical phishing techniques
- Misspelled subject line: ‘Your documen’
- ‘From’ name unrecognizable
- We don’t normally receive attachments from this supplier
- Layout of email is not in the normal format
- </html code at the end
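Three of these indicators (unfamiliar ‘From’ name, an attachment from a sender who does not normally send any, and stray markup at the end of the body) can also be checked automatically against a per-sender baseline. The sketch below is an added example, not part of the original post or any IT Governance tooling; the baseline table, the domain names and the sample message are all constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed baseline (assumption): what mail from each known sender domain normally looks like.
BASELINE = {
    "callcentre.example": {"from_names": {"Call Centre Messages"}, "sends_attachments": False},
}

# Constructed sample message modelled on the indicators listed above.
SAMPLE = """\
From: "Admin Scanner" <messages@callcentre.example>
To: staff@recipient.example
Subject: Your documen
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please see the attached document.
</html
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def phishing_indicators(raw, baseline=BASELINE):
    """Return the indicators from the checklist that this message trips."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    profile = baseline.get(addr.rpartition("@")[2].lower())
    if profile is None:
        return ["sender domain has no baseline"]
    hits = []
    if name not in profile["from_names"]:
        hits.append("unfamiliar From display name")
    if list(msg.iter_attachments()) and not profile["sends_attachments"]:
        hits.append("unexpected attachment")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if text.rstrip().lower().endswith(("</html", "</html>")):
        hits.append("stray markup at end of plain-text body")
    return hits
```

A message from a trusted domain still trips all three checks here, which matches the incident: the sender's domain was genuine, so the anomalies in the message itself were the only signal.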
Luckily, our IT team were on the case straight away and informed everyone to not open the attached document, which contained malware, and to delete the email. After investigating the issue further, our CIO, Neil Acworth, revealed that the sender’s PC was infected with malware. The supplier is dealing with the situation.
It may seem strange that a single email carrying such harmful and malicious code could have put our business at risk, but I guess that’s the 21st century for you. It’s what organizations all over the world are up against every day.
Fortunately, all IT Governance staff have been trained to spot phishing emails. Not only do we talk, write, publish and teach security best practices on a daily basis, we also make sure all employees take (and pass) the Information Security & ISO 27001 Staff Awareness e-learning course. This online course raises awareness of phishing attacks and other important information security issues, thereby reducing an organization’s exposure to security failures.
Could your employees spot a phishing email?
Don’t let a phishing email ruin your Christmas.
This festive holiday is the prime time for cyber criminals to phish organizations, as US e-commerce sales are expected to exceed $105 billion. With lots of consumer activity and distracted employees, it is the perfect time to go out and phish.
Take a look at our new infographic on phishing at this time of year, what it means for organizations, and what you can do to limit the vulnerability.