Data Protection and GDPR Level 3 for Managers and Business (VTQ)

64 videos, 2 hours and 55 minutes

Phishing and Malware

Video 46 of 64
3 min 55 sec

Phishing operates through emails. These often look genuine and appear to come from legitimate individuals or organisations. The messages in phishing emails are designed to entice you to either open an attachment or click on a link in the message.

Phishing attachments are often disguised as an invoice, notice of delivery or something that looks innocent enough. These are often created using Microsoft Word or Excel and contain “macros” which will download malware if run. Emails that contain phishing attachments created this way will often bypass anti-virus programs.

Once the malware is installed on your computer, it can search out sensitive or private information about you or your organisation, allowing the attacker to steal your money or destroy or block access to your data, which could result in the disruption of your business.

Another phishing method uses links. If you click on the link contained in a phishing email, you may be connected to a seemingly legitimate website that will exploit vulnerabilities in your computer to install malicious code or trick you into entering personal information directly on the website.

Some attackers are sophisticated and aim directed attacks at selected groups, researching recipients through website information, social media or public information about their company or organisation.

High-volume phishing is targeted at as many people as possible, so the attackers only need to catch out a tiny percentage to be successful.

Make sure that you are aware of the information that is available about you and your organisation so that you can spot emails that may be targeted based on the information on the internet.

Keep an eye out for the tell-tale signs: strange language in the subject lines, or unexpected emails, for example for an order you haven’t made or from a supplier you don’t use.

Malware, or malicious software, can damage data, steal information, hijack website visits and spy on everything you do on the internet. Malware can remain hidden for months before being activated and can spread between machines. It can also be coded to execute certain tasks and evade defences.

You may not know that you have inadvertently installed malware on your computer. Without your knowledge it can be busy destroying data, spying on your internet activity and piecing together your passwords. If internet banking is used, malware could redirect the user to fake sites which record login data, which the attacker can then use to access and steal from accounts.

More commonly, organisations are being targeted: malware is used to encrypt important business information, and the business is then asked to pay a ransom to get it back.

Here are the risks to business from phishing and malware:
• Theft of data or data encrypted for ransom
• Damage to your computers and other hardware
• Fraudulent re-direction of your internet banking
• Financial theft

What can you do to protect yourself?

• Always use reputable anti-virus software and make sure that it is kept up to date, and keep all systems up to date with new releases and security patches
• If you have any doubt about attachments or links do not click or open them
• Do not download software from unknown sources or websites
• Limit internet access to the sites that are necessary for the duties of employees and your business
• Where possible do not permit the use of external devices within your business environment
• Limit employee access to financial data and systems based on duties and business requirements
• Put in place strong recovery and backup processes
• Make sure staff avoid questionable websites and know not to download attachments, software or use USB sticks or external devices
• Use different passwords for different business logins

Learning Outcomes:
  • EDSQ Unit 5 LO 14.4