Essential tips

Phishing

Phishing is the most reported type of attack according to Interpol. Attackers use this technique to obtain confidential or sensitive information (e.g. account details and access data) by sending a fake message requesting a password or account change. Scroll down for some tips to avoid these attacks.

🤖 Cybersecurity tips 101

The word “phishing” is a combination of the words “password”, “harvesting” and “fishing”. Fraudsters send their victims a fake but very realistic email asking them to change an account password by clicking on a fraudulent link, then save the stolen information for later use. Here are some recommendations from the NCSC.

 

The characteristics of these attacks:

  • You receive an unsolicited email recommending a password change, or giving some other reason to log in to an account via a link.
  • The email can concern any type of account (bank account, online order, email account, software…).
  • To change the password, a link must be clicked, which takes the user to an identical copy of the original web page.
  • The account information entered there is saved for the attackers' later use (bank transfers, or attacking further contacts in the email account to obtain more critical information).
  • These vicious attacks take advantage of people’s good faith and helpfulness.

 

What you can do
It is important to remember that it is almost impossible to prevent fraudulent emails of this kind from being sent. Basic NCSC recommendations are:

  • Know that reputable internet service providers, especially banks, will never ask you for your login or password via e-mail or phone.
  • Be wary of any unsolicited e-mails you receive. The names of particularly trustworthy companies are often used in false sender addresses.
  • Be careful if you receive e-mails that require action on your part and that carry a threat of consequences (loss of money, criminal charges, blocking of account or card…) if the action is not performed.
  • Do not open any attachments or click on any links in suspicious e-mails. You can hover over a link or button to see the URL it will take you to; sometimes it is clear that it is a fraudulent address.
  • Observe general rules of conduct for safe behavior online and when emailing.
  • Check whether your passwords have been leaked using the IBarry website security checks.

 

If you get phished

✓  Immediately change your password directly on your account page and follow password recommendations.

✓  Report the case to the local police and to the NCSC through this form.

✓  Contact the company whose account information you believe was stolen and explain the situation to regain control of your data.

✓  Warn the rest of your team; the attackers might try the same attack on your colleagues.

 

A few resources for more information
Stay up to date on the habits to develop for safe online surfing with these excellent resources.

16 June 2021

The attack in question is called the CEO-fraud and it is more and more frequent due to the increase in teams working remotely from their homes…

16 June 2021

💸 A particularly sensitive time

Large companies are targeted for their important funds, but smaller companies and startups represent easy targets because of their smaller structures. Startups for example are targeted because they often will be reaching out to investors for financial support. This will seem like an ideal time for cyberattacks. One attack in particular is ransomware (also known as encryption Trojans or blackmail Trojans).