The uncertainty caused by COVID 19 has led to a marked increase in a in so-called ‚phishing attacks‘ by cyber criminals. Phishing is highly used as the first step in cyber-attacks and is amongst the most prominent causes of data breaches and security incidents for both targeted and opportunistic attacks.
Therefore, we would like to draw your attention on how incoming emails can be identified as phishing emails and what measures can be implemented to avoid such attacks.
What is “phishing”?
The term „phishing“ is derived from the intention of the attacker „password fishing“. The attacker sends an email to the potential victim, often by manipulating the email header in a way that the impression is created that the email comes from a contact known to the victim.
Often the victim is asked to click on a link that is sent within the e-mail. The link transfers the victim to a website which is controlled by the attacker. The attacker can use weak points in the victim’s system to install malware or to request the entry of user name and password. The website regularly appears as a normal – „real“ – website (e.g. of a real business partner or IT support).
Incoming emails can be identified as phishing emails, if the following apply:
- Does the e-mail come from an unknown/ fake sender address? (Click on „Show details“ when receiving an email to see the full address of the sender.)
- Is your confidential data requested?
- Is an urgent need for action feigned?
- Does the email contain a link to a fake website?
- Is the email characterized by linguistic inaccuracies (e.g. impersonal salutations) and spelling mistakes?
In addition to direct e-mail phishing attacks, phishers also leverage social media and legitimate websites. One of the phishers’ tricks is to place pages of popular organizations on domains belonging to other popular organizations in their effort to induce credibility to their phishing attacks.
In order to avoid such attacks, the European Cybercrime Centre and European Union Agency For Cybersecurity (ENISA) have developed a few recommendations:
- Change of default router password to protect WiFi connections
- Install antivirus software on all devices connected to the internet
- Use of specialized security e-mail gateways for filtering spam, which is heavily related to phishing campaigns
- Use strong and different passwords for email and other accounts, such as social media accounts. Using strong and unique credentials in every online service limits the risk of a potential account takeover to the affected service only.
- Enable two factor authentications whenever applicable. Two factor-authentication can prevent account takeover
- Back up of data and regular software updates
- Secure electronic devices with passwords, PIN or biometric information
- Check the domain name of the websites for typos, especially for sensitive websites, e.g. bank websites
- Do not click on “enable content” (which enables macros) in Microsoft Office documents. Macros are leveraged to download and install malware.
- Do not click on links or download attachments if you are not absolutely confident about the source of an e-mail.
- Do not click on random links and especially short-links found in social media.
Please remind to always contact your DPO or the responsible person in the company immediately, if a phishing attack occurs and results in a data breach.