Edited & prepared by Oscar Michel, Masters in Journalism, DCU.
Great guest post from George O’Dowd MD Novi – Technology for Business.
Link to website here.
Cyber criminals are continuously using new methods to defraud, gain access and steal information. One of their modus operandi is ‘social engineering’.
What is Social Engineering?
Social Engineering is the practice of manipulating and defrauding people to give up confidential information. Criminals try to trick people into handing over information such as bank account details, passwords to accounts and/or click on links allowing them gain access to their computer to install malware. Social Engineering works because it is easier to fool people than hack into their computer.
Security is all about trust. People by nature trust others they know personally and websites or companies that they deem to be a trusted/legitimate source. Criminals exploit this inherent trust. They might email, call or ask you to download something from a website under the pretence of coming from a legitimate source i.e. someone or some company that you inherently trust.
Using lots of sources on the internet including social media accounts criminals can build profiles of individuals. They can find out where they work, what position they are in, recent company deals, where they last went on holiday and when, how many kids they have and lots more. Using all this information criminals can pretend to be someone they are not by showing that they know lots of personal details about you. They can hack into company email accounts and send emails that appear to be legitimate. For example, you may receive an email that appears to come from management asking that money be transferred, requesting passwords, requesting bank account details be changed and maybe requesting information relating to customers.
So how do you recognise a phishing email?
When you receive an email from a colleague or supplier that appears suspicious you should treat it as such
1. Don’t trust the display name. Check if the source is from the correct email address. See example number 1 below. The email appears to come from ‘Fidelity’ but the associated email address does not use a fidelity domaim e.g. fidelity.com
2. Watch out for urgent language in subject lines which are designed to make a person act before they’ve given time to consider is the email legitimate.
3. Beware of broad, impersonalised salutations Dear Customer, Dear Contact etc… Legitimate companies requesting private and sensitive information would not do so over blanket emails.
4. Hover over web links even if they appear correct – Don’t click on any links in a suspicious email but if you hover over the link it shows the real address. See example below, the link revealed does not resemble the company’s web address.
5. Legitimate emails will be properly branded. Be alarmed if you see variants in the company name or logo.
6. Watch for misspelt words or poor grammar – Cybercriminals are not known for their good grammar. Often cyber attacks originate in countries where English is not the first language so watch for unusual phrasing and incorrect spelling.
What to do if you receive a phishing email
If you receive an email that in your opinion looks suspicious in any of the above ways. Trust your judgement do not click on a link or do not reply to the email. A reply just confirms to the criminal that you’re email address is correct. If you receive an email from a colleague that looks suspicious call the person using a KNOWN phone number (not the one in the email) to verify their requests especially for bank account changes and money transfers.
Talk to your IT department or IT Services provider. With the frequency of phishing emails constantly on the rise your IT provider must ensure that you have a spam filtering solution in place to help minimise and reduce the chances of phishing emails getting through to your inbox.
Adopt a 2-step Approach
1. Put security systems in place to catch as many phishing emails as possible
2. Educate your employees on the signs to watch out for as some will inevitably get through!
If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at Simon@IrishTechNews.ie or on Twitter: @SimonCocking
Ireland’s transition to electrified mobility continues to strengthen, with two in five Irish consumers (40%)…
South East Technological University’s (SETU) sixth annual Women in Technology event will bring together role…
By David Stephen who looks at the idea of Digital Insurance and how it could…
Irish small and medium-sized enterprises (SMEs) are increasingly aware of the growing risk posed by…
The Spider Awards, Ireland’s longest-running and most prestigious digital awards ceremony, is proud to announce…
National Broadband Ireland (NBI), the company responsible for delivering the Government’s National Broadband Plan (NBP),…
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.
