- Don’t be fooled by correspondence that seems to know a lot about you.
Someone who has never met you, and never will, can easily project themselves as a friend-of-a-friend, or a colleague you’ve worked with electronically but never met face-to-face. Using social engineering as well as other data harvesting methods, the cybercriminals can gather a lot more information about you than you might expect.
- Don’t rush to forward any data or make any financial transactions just because the correspondence tells you it’s urgent
Scams of these types often work because they play on the trust and maybe a little fear of superiors. An email that has an urgent request or demand for information or payment from someone higher up the organisation chart has proven very successful. Executive whaling, often referred to as CEO Fraud, has proven very profitable for cybercriminals who prey on this trust and fear. At IT.ie we recommended to our clients that a safe-word or phrase be used in all correspondence that requests the release of data or payment. With the recent introduction of deepfake voice as a tool for the scammers, this should also be extended to phone calls.
- Don’t take the details provided by the sender at face value
Scammers know that you are likely to check up on the source of the email to make sure that the sender and its content are legit. To help you verify the legitimacy of the email, the scammers will often provide you with a number to call or website to visit to check their authenticity. They may even warn you about other scams to gain your trust. If the sender is legit, then it will be very easy to verify their authenticity and that of the company they claim to represent outside of the email that they have sent.
- Don’t immediately follow instructions contained in the email, especially when you are required to click on a link
This is probably the most important tip I can give you. If you don’t trust the source or destination of a link, don’t click on it. Clicking on links can allow cybercriminals access to your sensitive data and, in the case of a ransomware attack, total control of your system or network.
- Don’t be afraid to get a second opinion
When I write posts such as this, I always ask a colleague to proofread the piece and more often than not they find an error that I missed. The same should apply to any email that requests you to carry out an action. Get a colleague to have a read and give you their opinion. Phishing emails very often have spelling or grammatical errors that you would not expect from professional correspondence and might only be picked up by having a second person read the email content. A second opinion might save you from divulging sensitive data or handing over company funds, and might ultimately save your job.