There’s an increase in phishing attacks on businesses, as well as home-workers. We explain what they are and how to reduce the risk with better cybersecurity.
If you’re unfamiliar with the term ‘phishing’, it’s still fishy but nothing to do with fish! Phishing is when cyber criminals send a message, commonly a scam email or text message, to trick you into providing access to sensitive information like contacts, banking details, documents and files.
They usually do this by getting you to input your username and password into a malicious domain designed to look like a Microsoft application. You might think that you would never fall into such a trap, but these phishing attacks have become increasingly sophisticated, and you may be surprised how easy it is to be deceived.
Cyber criminals trick you into clicking on the links contained in an email or text message, which may send you to a dodgy website that can download viruses onto your computer, or steal your passwords.
Phishing attacks are becoming more sophisticated
One of the latest phishing attacks actually bypasses the protection you would gain from Office 365 two- or multifactor authentication*. These authenticator protection systems normally provide a good first line of defence against threats and we still recommend them.
Having said that, watch out for this phishing attack, in which victims are tricked into giving permission for (authenticating) a malicious app, controlled by the hackers, to run on their device, instead of going through the correct authentication process.
The victim receives an email with a convincing and tempting message and a link that looks like a SharePoint file. If the person clicks on the link, they’re taken to the Microsoft Office 365 login page. But the URL has been subtly changed by the attackers to manipulate the authentication process and send authentication data back to the attackers.
We emphasise that this should not deter you from using two- or multifactor authentication as it still provides a better level of security protection than without.
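A defender-side check for the kind of link described above, added here as an illustration and not taken from the source article or from Microsoft. It assumes the manipulated link is an OAuth-style sign-in URL whose redirect_uri and scope query parameters decide where the sign-in result is sent and what the app may access; the tenant hostnames, the list of risky scopes and the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for illustration: adjust all three sets to your own environment.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
TRUSTED_REDIRECT_HOSTS = {"contoso.sharepoint.com"}  # hypothetical tenant
RISKY_SCOPES = {"offline_access", "mail.read", "files.readwrite.all", "contacts.read"}

def triage_login_link(url):
    """Return a list of findings for a link that claims to be a Microsoft sign-in."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Exact host match, so lookalikes such as login.microsoftonline.com.evil.example fail.
    if parts.scheme != "https" or host not in MS_LOGIN_HOSTS:
        return [f"not a Microsoft login host: {host or '(none)'}"]

    findings = []
    query = parse_qs(parts.query)  # decodes %XX and '+' for us

    # Where will the sign-in result (code or token) be delivered?
    redirect = query.get("redirect_uri", [""])[0]
    redirect_host = (urlsplit(redirect).hostname or "").lower()
    if redirect and redirect_host not in TRUSTED_REDIRECT_HOSTS:
        findings.append(f"sign-in result is sent to untrusted host: {redirect_host}")

    # What access is the app asking the user to grant?
    # Scopes may be bare names or full resource URLs; compare on the last segment.
    requested = query.get("scope", [""])[0].split()
    scopes = {s.rsplit("/", 1)[-1].lower() for s in requested}
    risky = sorted(scopes & RISKY_SCOPES)
    if risky:
        findings.append("app requests broad access: " + ", ".join(risky))
    return findings

# Constructed sample links (placeholder client IDs and hosts).
BASE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
LEGIT = (BASE + "?client_id=00000000-0000-0000-0000-000000000001&response_type=code"
         "&redirect_uri=https%3A%2F%2Fcontoso.sharepoint.com%2F_forms%2Fdefault.aspx"
         "&scope=openid+profile")
SUSPICIOUS = (BASE + "?client_id=00000000-0000-0000-0000-000000000002&response_type=code"
              "&redirect_uri=https%3A%2F%2Ffiles-share.example.net%2Fcallback"
              "&scope=openid+offline_access+https%3A%2F%2Fgraph.microsoft.com%2FMail.Read"
              "+https%3A%2F%2Fgraph.microsoft.com%2FFiles.ReadWrite.All")

if __name__ == "__main__":
    for name, link in (("legit", LEGIT), ("suspicious", SUSPICIOUS)):
        print(name, triage_login_link(link))
```

A link can sit on the genuine Microsoft login host and still be flagged, which is why checking the address bar alone is not enough for this attack.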
Cyber attacks on businesses and remote workers
There are many other phishing campaigns out there, and an increasing number of malicious cyberattacks on business people working from home.
For example, Microsoft are warning of ‘an ongoing and “massive” campaign which tries to take advantage of people’s concerns over the coronavirus’.
The victim receives an email which claims to provide an important update about COVID-19, and has an Excel document attached. Despite containing an authentic-looking diagram of coronavirus deaths and cases from the Johns Hopkins Centre, the document also includes malicious macros that are triggered when the user is prompted to ‘Enable Content’. This then installs hacking software on the user’s computer.
Taking action on cybersecurity
Don’t be too alarmed but do take action against these risks. Your colleagues should also be trained to be cyber aware, especially where they’re working from home. We run various webinars on cybersecurity if you’d like to learn more on protecting your business and your networks against phishing attacks etc.
Contact us below.
Note, we provide an online cybersecurity training service, which makes a dry subject palatable and useful! Tick the box to book a 10-minute demo of this.
* Source: https://www.bankinfosecurity.com/phishing-attack-bypassed-office-365-multifactor-protections-a-14310