In the second in our series of how to fight back against attempts to hack the human element within your business, we look at phishing.



Phishing explained

Phishing is when criminals send e-mails that look as if they come from trusted sources, such as banks, service providers or government agencies. But really, the criminals want recipients to click on links or open documents that contain viruses.

These viruses — or malware — may allow criminals to read, copy and export data from your computer, which they can either sell or use to impersonate you. This is how identity theft works. It can happen at work as well as at home, as I’ll explain below.

Clicking on a link in a phishing e-mail may take you to a genuine-looking website. You may be asked to enter your username and password, confirm financial or personal details. This information is going straight to the criminals. They are after your money — and data and online account access is easily monetisable.

Before I provide some tips to help counteract phishing attacks, I wanted to mention some workplace-specific variants.

 

Spear phishing and CEO scams

Spear phishing is a more targeted form of phishing. The e-mail purports to come from a colleague in a trusted department, such as HR or finance. You are asked to change your password or confirm your details, and are re-directed to a bogus version of the company website or intranet.

CEO scams are when the CEO or CFO e-mails you, instructing you to transfer funds, settle an invoice, or that supplier bank account details have changed. But this is not the CEO and any funds transferred go straight to the criminals. This type of scam is on the rise. Around 12,000 businesses worldwide have been affected by CEO fraud in the last two years at a cost of more than $2 billion, according to the FBI.

 

Fighting back

Be on your guard. Awareness that these scams exist and how they work is half the battle. It’s like being naturally on your guard against pick-pockets when in a crowded area.

Often criminals try to frighten people or say something is urgent. They say there has been fraud on your account, or your account will be disabled, unless you re-confirm your details. Don’t do this.

If you’re not expecting the e-mail or don’t know the sender, delete the e-mail without reading it. Don’t click on any links, open attachments or call any telephone numbers listed in such e-mails.

Recommended actions to protect against phishing at work include e-mail filtering, protecting the network from compromised devices with network segmentation, and strong authentication to access more secure areas.

E-mail phishing scams are real-world con-tricks transferred online. Criminals prey on victims’ fear, greed, curiosity, naivety or just the human desire to be helpful and professional in a workplace setting.

 

PXP Financial

The End-to-end payment platform

PXP Financial provides a single unified payments platform to accept payments online, on mobile and at the point of sale. Powered by inhouse global acquiring, 200+ alternative payment methods & financial services, PXP processes over EUR 16 billion annually through our unified gateway.

Whatever your business needs today or tomorrow, PXP Financials’ innovative payment platform will support your business growth with all the payment services you will ever need from one source, wherever your business takes you.

New call-to-action