Don’t Open that Email Attachment!
Part 2: 5 phishing tactics threatening UK businesses
In the first of our series of blog posts we gave an example of CEO Fraud. In this second blog we’re focussing on emails containing malicious attachments.
We’ve all experienced arriving home from work to be greeted by a ‘We failed to deliver your parcel’ card on the doormat. The anxiety of losing that precious package typically has us rushing to the parcel depot at the first opportunity.
In February this year, email scammers exploited the same emotional drivers in an email to FedEx customers. The email claimed that a courier had attempted a delivery but no one was at home to sign for it. The recipients were advised to print a receipt and take it to the nearest FedEx office within 48 hours. The urgency around the request was a typical tactic, giving people less time to question its validity.
In doing so, many of the recipients unwittingly downloaded a malware application designed to corrupt computers and endpoints.
It’s a scam that has been running for years, and those behind it are doing so with increasing levels of authenticity and sophistication.
Of course such phishing attempts don’t just fall under the guise of couriers. Scammers try all kinds of tricks to entice people into installing malware disguised as harmless looking documents.
Often the attachments install ransomware, which we’ll feature in a subsequent post.
Another example is the bogus job application, which can easily fool company employees. Apparent job seekers request managers and HR executives to open CVs or covering letters. The consequences to business can be both costly and embarrassing.
How to stop your staff downloading malicious attachments
- Provide regular awareness training
- Simulate a targeted phishing attack with PhishAware
- Use the results to understand which departments and locations within your business are most at risk.
Learn more about PhishAware
Receive the full infographic of the 5 hot trends in phishing tactics here:
We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing, pen testing, pen tests and cyber security testing has proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.