

How To Keep Your Company Safe From Phishing Attacks

By Peter Purton · Technology · December 14, 2016

Cyber criminals are getting increasingly sophisticated with the methods they use to trick us. In this post, the first of three about fending off hackers, we review some of the latest phishing tactics and recommend ways in which to protect ourselves.

Phishing remains the number one method by which criminals seek to gain knowledge of our sensitive information such as credit card or bank account details, or install malware on our devices designed to carry out all sorts of nefarious tasks from espionage to extortion.

Most of us are now very aware of phishing but that doesn’t mean we are any less vulnerable. Unfortunately, cyber criminals are becoming increasingly sophisticated and spotting phishing attempts is getting more difficult.

Long gone are the days when phishing was based on an invitation to take part in a survey or on telling us that we have won a prize. Today, the origin of a phishing email is more likely to appear to be from an organization we deal with regularly concerning a matter of real interest to us.

According to tests carried out by mobile carrier and internet service provider Verizon, close to a third of all corporate recipients open phishing emails and 11 percent actually click on the embedded attachments. These proportions are increasing rather than going down, indicating just how sophisticated phishers are getting at targeting their prey. 

According to Internet security company Symantec, the incidence of spear phishing attacks—ones in which phishing messages are specifically tailored to their recipients—increased 55 percent in 2015.

And the phishing threat is by no means limited to email. The kinds of services the world’s 4.7 billion mobile phone users are accessing are the new area of concentration for cyber criminals. Social media services such as Facebook, Twitter, Instagram, Pinterest, and Tumblr have proven particularly popular with those mounting phishing attacks.


Messaging services, too, are the new battleground. The Short Messaging Service (SMS) embedded in most phones has become a very popular medium for phishing expeditions.

Typical methods include a known supplier sending you an SMS inviting you to register for special discounts, a utility or other company inviting you to view or pay your latest bill online, or a bank or credit card company warning you that your account has been compromised. Clicking on any embedded link could invite disaster. Even contacting a phone number included in the message may not be safe. Scammers have been known to elicit PIN codes and user names as part of a feigned security procedure for callers to the number.

As we head into the holiday season and are hit by the annual deluge of season’s greetings and special offers, phishing attempts are set to soar. Now is a time for special vigilance. Here are a few tips from experts on how to protect yourself and your organization from phishing scams.

Standard stuff

Create unique PINs and passwords for your phone, accept updates and patches to your software, and use open Wi-Fi networks wisely, warns privacy protection company Privatis. Also, check bank transactions frequently. This is often the first sign that you have fallen victim to a successful phishing scam. Early detection should limit the damage.

Slow down

Take the time to check where an embedded link is taking you, says cloud-based security company AppRiver. If it looks unfamiliar or you can’t see it at all, don’t click on the link. Better still, rather than click on a link, hand type the URL into your browser. And if sensitive information is involved, check to see the site is secure by looking for the padlock sign near the web address.

Remain vigilant

As well as warnings of compromised accounts, special offers, and invitations to view or pay bills online, cloud-based security company AppRiver warns us to look out for fake purchase receipts and shipping notifications or updates. Who hasn’t just bought something from Walmart or Target, and who isn’t waiting for a FedEx or UPS delivery?

Be wary

An increasing number of apps are being discovered with embedded malware—particularly ones appearing to be retail apps—so if a message asks you to download an app be extra wary. Make sure it is from a reputable source and via an official app store such as Google’s or Apple’s. And even then be wary. Use Google Play or Apple Store to double check the publisher, to make sure it really is from Best Buy or Nordstrom and not from a crook.

Keep up to date

Phone operating systems and apps are continuously being updated. Requests to update are often met with hesitation from users, who wonder whether the update will alter the device’s performance in some unforeseen or undesirable way. Not updating, however, leaves users vulnerable, says cyber security company Finjan.

Get help

Security apps designed to protect your phone against viruses, spyware, and Trojans are now widely available from internet security companies such as Kaspersky and Norton. Make use of them, says privacy protection company Privatis.

Protect others

If you are planning to utilize SMS messaging in the future, it is your responsibility to provide customers with adequate security measures for their phones, says privacy protection company Privatis.

In the next installment of this three-part series, we look at the cyber risks posed by highly sophisticated groups such as organized-crime and state-sponsored hackers and what we can do to protect ourselves from them.

All posts in this series:

How To Keep Your Company Safe From Phishing Attacks

How To Keep Your Organization Hack-Free

7 Reasons Digital Security Means Physical Security

Peter Purton is a London-based writer and editor, specializing in explaining the impact on business of innovations in information and communication technologies.