Nothing new about Phishing emails
As a follow up to my post yesterday highlighting October as Cyber Security Month, I thought I would share a bit of history.
While we may think that Phishing emails, that is, sending an email purporting to be from a senior executive to the finance or accounts department in the hope they will be fooled into transferring money, are something new, this is in reality just a modern variation of a very old scam.
Soon after telephones became mainstream, it was not uncommon for trickster thieves to ring a wealthy person's home (remembering we had phone books with most people's names in them, a status symbol in the very early days), pretending to be the owner of the home and explaining to the maid, housekeeper or other servant that he/she had left their key at home and asking whether they could leave one under the mat.
When the housekeeper left, the thief would simply walk up, use the key and help themselves.
Phishing and Whaling (big fish) emails are just a modern take on this very old scam, which probably has its antecedents in an even earlier scam.
This does not make it right or any less distressing, so please keep vigilant and if in doubt check before you act. In our own company, one of our strategies is that we have a built-in rule that separates emails coming from our own team as opposed to external emails. It amazes me just how many emails come into the organisation claiming to be from me or Steve Manning, our CEO.
The Australian Government has, to its credit, developed a website – Stay Smart Online – and I reproduce a section from this site below to assist you.
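A rule of this kind can be sketched as follows. This is an added example, not the rule LMI actually runs: the domain `example.com`, the tag names and the `arrived_from_internet` flag (supplied by the mail gateway, since the From header alone can be forged) are assumptions, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
import re

INTERNAL_DOMAINS = {"example.com"}   # assumption: placeholder for the organisation's domain
PROTECTED_NAMES = {"steve manning"}  # staff names an impersonator is likely to borrow


def _normalise(name):
    """Lower-case, collapse whitespace and drop punctuation from a display name."""
    return re.sub(r"[^a-z ]", "", " ".join(name.lower().split()))


def classify(raw_message, arrived_from_internet):
    """Return warning tags for one message.

    arrived_from_internet is what the gateway knows about the delivery path;
    the From header is only what the sender claims.
    """
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    tags = []
    if arrived_from_internet:
        tags.append("EXTERNAL")
        if domain in INTERNAL_DOMAINS:
            # Claims to be one of us but did not come from our own mail system.
            tags.append("CLAIMS-INTERNAL-DOMAIN")
        if any(n in _normalise(display) for n in PROTECTED_NAMES):
            tags.append("NAME-MATCHES-STAFF")
    return tags


# Constructed sample messages: (raw headers, arrived_from_internet)
SAMPLES = [
    ("From: Steve Manning <steve.manning@example.com>\nSubject: Lunch\n\nhi", False),
    ('From: "Steve Manning" <ceo.office@mail.example.net>\nSubject: Urgent transfer\n\nhi', True),
    ("From: Steve Manning <steve.manning@example.com>\nSubject: Invoice\n\nhi", True),
    ("From: Jo Supplier <jo@supplier.example>\nSubject: Quote\n\nhi", True),
]

if __name__ == "__main__":
    for raw, external in SAMPLES:
        print(classify(raw, external), "|", raw.splitlines()[0])
```

The tags are meant to be shown to the recipient (for example as a subject prefix or banner) so that a message bearing a colleague's name but marked external prompts a check before anyone acts on it.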
LMI have applied to become a partner with the Stay Smart Online initiative so we can continue to do our bit in raising awareness on the importance of cyber security.
Protect yourself from phishing attempts
The best way to protect yourself from phishing attempts is to stay abreast of current threats, be cautious online and to take steps to block malicious or unwanted messages from reaching you in the first place.
Take the following steps to protect yourself from phishing attempts:
- Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know.
- Be especially cautious if messages are very enticing or appealing (they seem too good to be true), or threaten you to make you take a suggested action.
- If a message seems suspicious, contact the person or business separately to check if they are likely to have sent the message. Use contact details you find through a legitimate source and not those contained in the suspicious message. Ask them to describe what the attachment or link is.
- Before you click a link (in an email or on social media, instant messages, other webpages, or other means), hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognize or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.
- Use a spam filter to block deceptive messages from even reaching you.
- Understand that your financial institution and other large organisations (such as Amazon, PayPal, Google, Apple, Facebook and others) would never send you a link and ask you to enter your personal or financial details.
- Use safe behaviour online. Learn about how to use email safely and browse the web safely.
- Stay informed on the latest threats – sign up for the Stay Smart Online Alert Service. Often, you can also find information about the latest scams on the Australian Government’s Scamwatch website.