How can you recognize and prevent phishing?
Published on 07/03/2022 in Innovate
Cybercriminals use phishing to try and direct you to rogue websites and part with your personal data. The criminals then use this information to empty your bank account or worse. How can you recognize a phishing attack?
You can perform a number of checks to identify a phishing attempt:
- Does the e-mail contain spelling mistakes, poor grammar, or other obvious errors? Bear in mind, however, that fraudsters are getting better all the time, so even perfectly written e-mails can pose a risk.
- Does the domain name of the sender’s e-mail address differ from the real domain name of the company that is supposedly sending the e-mail? You can check this in the source code of the mail. By hovering over a link, you can also check whether the URL behind the link differs from the company’s real domain name. Remember that fraudsters make their domain names as plausible as possible; often only a single character is different.
- Fraudsters try to create a sense of urgency. If you are asked to do something urgently or quickly (often just before the weekend or a public holiday), be on your guard.
- Is the mail addressed to you personally? Phishing e-mails are often not addressed to you personally because the fraudsters don’t know your name.
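As an added example (not part of the article), the sender-domain and link-domain checks from the list above applied in Python to a constructed mail: the legitimate domain example-bank.com, the sample message and the finding labels are all assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
EXPECTED_DOMAIN = "example-bank.com"  # assumed legitimate domain of the claimed sender
# Constructed sample: sender domain differs by one character, link hides the real name in another domain.
RAW_MAIL = b"""From: "Example Bank" <support@examp1e-bank.com>
Content-Type: text/html; charset=utf-8

<p>Click <a href="https://example-bank.com.login-check.net/verify">here</a>
to avoid your account being blocked.</p>
"""

class LinkCollector(HTMLParser):
    """Collects href targets, which is what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def edit_distance(a, b):
    """Levenshtein distance; 1 means a single-character lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain, expected=EXPECTED_DOMAIN):
    """None if the domain is the genuine one, otherwise a label for the red flag."""
    domain = domain.lower()
    if domain == expected:
        return None
    if edit_distance(domain, expected) <= 1:
        return "lookalike"              # e.g. examp1e-bank.com
    if expected in domain:
        return "genuine name embedded"  # e.g. example-bank.com.login-check.net
    return "unrelated"

def check_mail(raw=RAW_MAIL, expected=EXPECTED_DOMAIN):
    """Apply the sender-domain and link-domain checks; returns {domain: label}."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    collector = LinkCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    hosts = [msg["From"].addresses[0].domain] + [urlparse(l).hostname or "" for l in collector.links]
    return {h: classify_domain(h, expected) for h in hosts if classify_domain(h, expected)}
```

The two-label split matters in practice: a one-character lookalike and a genuine name buried inside a longer host name are the two tricks the hover check is meant to catch.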
A healthy dose of suspicion when it comes to e-mail is wise. Does the message seem appropriate, given the company that sent it? Is it normal for the company to be making this request? You will generally know what to expect from long-time clients and suppliers. Koen Bossaert, Solution Lead Vulnerability Management and co-founder at Davinsi Labs, gives a few guidelines: “If it sounds too good to be true, then it probably is. And are you being asked to do or pay for something immediately to prevent your account or something else being blocked? That should ring alarm bells.”
If it sounds too good to be true, then it probably is. Is urgent action required? That should ring alarm bells.
Koen Bossaert, Solution Lead Vulnerability Management and co-founder at Davinsi Labs
Double-check via another channel
“It’s crucial to think twice; especially when money is involved,” says Wouter Vandenbussche, Solution Lead Cybersecurity at Proximus. “Codes or account details are never requested via mail or phone. Another red flag is if you get a request to install software. That’s why we recommend – if at all possible – to check via another channel whether the info in the mail is correct.”
Carrying out these kinds of checks on composition and content will help you to recognize phishing attempts. And even though it’s more difficult, they should also be done on messages received on mobile devices or via other channels such as text message and messaging services. Every phishing message that you or your staff recognize is one in the eye for the cybercriminals.
Awareness-raising campaigns are important. Be active in implementing these campaigns in your workplace.
Wouter Vandenbussche, Solution Lead Cybersecurity at Proximus
There are three ways to prevent phishing:
- Making people aware is the first and most important line of defense where phishing is concerned. Cybersecurity awareness among staff members can be significantly increased by conducting regular simulated phishing campaigns.
- Secure incoming traffic with traditional filters such as anti-spam, and apply filtering to the communication tools that receive messages.
- Secure outgoing traffic, for example by scanning the URLs or the content of outgoing messages.
An essential part of a good security strategy is preventive action through raising awareness. This prevents employees from being caught out by phishing mails that arrive in their mailbox. The best way to conduct an awareness-raising campaign is to clearly explain what phishing is, how staff can recognize such messages, and what the impact is. This messaging should be repeated on a regular basis via various media such as posters, video clips, and newsletters.
A simulation of a phishing attack also makes the dangers visible, especially when the results are used in a campaign to increase vigilance. The more personal and relevant to the staff members, the more attention the campaign will attract and the better the results will be.
Simulated phishing attack
Koen Bossaert: “An astonishing number of people are fooled during these simulated attacks. In one test, we sent a phishing mail during the Christmas period that allegedly came from the company, announcing that the Christmas party had been postponed. More than 80% of the staff handed over their details. Even people from management and IT.”
Davinsi Labs can simulate a phishing attack so you can find out how many of your coworkers would be caught off-guard. Then they attend a workshop where experts explain how to recognize phishing.
Clicked. Details sent. What now?
When you click on a link in a phishing mail, the damage needs to be minimized as quickly as possible by:
- Blocking or resetting accounts and changing your passwords.
- Immediately checking logfiles to see whether there has been an attack, and whether any other phishing messages have come in. This information is also useful for keeping track of new attacks. There may be a larger-scale phishing campaign being directed at your company. There have been cases where the HR department has been contacted, supposedly by members of staff, and asked to change bank account numbers for salary payments.
- Tightening up prevention measures with the results of that investigation, for example by blocking the domain names associated with the attack.
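As an added example (not from the article), the logfile check and the domain blocking from the steps above, carried out in Python over constructed mail-gateway log lines: the log format, the addresses and the domain own_domain are assumptions, and the registrable-domain helper is a rough stand-in for a proper public-suffix lookup.

```python
import re

# Constructed log lines in an assumed format:
# <timestamp> from=<sender or -> to=<user> url=<link host or -> action=<delivered|clicked>
LOG_LINES = """\
2022-03-07T08:12:03 from=support@examp1e-bank.com to=alice@example.org url=example-bank.com.login-check.net action=delivered
2022-03-07T08:12:05 from=support@examp1e-bank.com to=bob@example.org url=example-bank.com.login-check.net action=delivered
2022-03-07T08:15:41 from=bob@example.org to=alice@example.org url=- action=delivered
2022-03-07T08:31:09 from=- to=alice@example.org url=example-bank.com.login-check.net action=clicked
2022-03-07T09:02:17 from=billing@examp1e-bank.com to=carol@example.org url=invoice-portal.login-check.net action=delivered
2022-03-07T09:40:55 from=newsletter@example-bank.com to=dave@example.org url=example-bank.com action=delivered
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) from=(?P<from>\S+) to=(?P<to>\S+) url=(?P<url>\S+) action=(?P<action>\S+)$")

def parse_log(text=LOG_LINES):
    """Turn the log text into a list of dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in (LINE_RE.match(l) for l in text.splitlines()) if m]

def registrable(host):
    """Last two labels of a host name (approximation of the registrable domain)."""
    return ".".join(host.lower().split(".")[-2:])

def investigate(rows, reported_sender, reported_url_host, own_domain="example.org"):
    """From one reported mail, find related messages, who received or clicked, and what to block."""
    sender_dom = reported_sender.split("@")[-1].lower()
    url_dom = registrable(reported_url_host)
    related, block = [], {sender_dom, url_dom}
    for r in rows:
        from_dom = r["from"].split("@")[-1].lower()
        row_url_dom = registrable(r["url"]) if r["url"] != "-" else None
        # Same sender domain or same link domain means it belongs to the same campaign.
        if from_dom == sender_dom or row_url_dom == url_dom:
            related.append(r)
            if from_dom not in ("-", own_domain):
                block.add(from_dom)
            if row_url_dom:
                block.add(row_url_dom)
    received = sorted({r["to"] for r in related if r["action"] == "delivered"})
    clicked = sorted({r["to"] for r in related if r["action"] == "clicked"})
    return {"received": received, "clicked": clicked, "block": sorted(block)}
```

Note that the genuine newsletter from example-bank.com is not swept up, while a second mail from a different mailbox at the lookalike domain is.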
How to inform customers?
It is always a good idea to inform clients about any communication that they should expect. For example, if your company never asks for personal or account details via mail or always sends e-mails from the same address, you can mention this to new clients or communicate it on your website.
That way, new clients will be aware of the situation. An incident hotline, where clients can warn of a phishing attack being conducted in the name of your company, combined with an investigation of any reports that come in and adequate communication, can ensure that the impact of a phishing attack is limited.
Phishing incident hotline
Many businesses have a special hotline to report phishing. But what if a business doesn’t have one? Where can they go?
- The person responsible for IT (security) in the company, so that the impact can be investigated and other attacks can be prevented.
- firstname.lastname@example.org, an initiative of the Centre for Cyber Security Belgium (CCB), also supported by Proximus.
- meldpunt.belgie.be, the incident hotline of the Belgian government, where all kinds of fraud and scams can be reported.
- The local police, in the event of damage. They can call in the regional or federal computer crime unit.