The threat from cybercrime continues to rise – with fraudsters becoming ever more devious in their efforts to take cash from unprepared businesses.
Phishing is a type of fraud in which criminals send emails claiming to be from reputable organisations such as banks. Penny Davis of AW Training and Compliance says it is becoming more common and is urging businesses of all sizes to be on their guard. Not being prepared can be costly. She recounts the story of one business that has recently lost more than £20,000 after falling for a phishing expedition.
She says: “Over the last couple of months we have seen a number our clients’ receiving these emails.
“There seems to be a trend with these recent emails in which the phishing email looks to be from a person known by the recipient, making them think it is legitimate. People’s details are taken from a previous victim’s Outlook contact folder.
“The email suggests there is a document that needs reviewed. If the link is followed it takes the user to an email login page, this site asks for the username and password of the recipient.
“When these are provided, the fraudster gain access to their contact list and sends an email, purporting to be them, to everyone on it, and so it goes on.
“In one particular case the fraudster sent an email as the client to their finance team asking that some £20,000 be transferred to a new bank account.
“The request was processed and the funds were transferred to the fraudster’s bank account; then passed on from there.”
There are measures you can take to protect yourself from this type of fraud. Configure accounts to reduce the impact of successful attacks by giving your employees the lowest possible level of IT privilege needed to do their job. Train your staff to be on their guard – to look out for requests that are unusual – for example, sending a large, one-off payment to a supplier, or providing their passwords or credit card details.
Be aware of what to look out for. Although phishing emails are becoming more sophisticated, there can be warning signs such as incorrect addresses, or poorly written messages with grammatical mistakes. AW Training and Compliance has joined with WNJ to ensure that its clients can approach GDPR in a compliant and stress-free manner.
To discuss any issue regarding GDPR and cybersecurity and how AW Training and Compliance can help contact Penny on 01257 460081 or email firstname.lastname@example.org Penny is a management and leadership expert with a background in regulatory compliance. She is a certified EU GDPR Practitioner, ISO17024 certified and Institute of Information Security Professionals accredited