With the Australian Government's introduction of the Notifiable Data Breach Scheme on February 22nd 2018, it is now more important than ever to protect yourself against all forms of attack.
An incident at a KFC franchisee highlights that even the most seasoned IT professional can fall victim to a phishing attack, as IT News reported on Tuesday the 20th of March 2018.
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication.
An IT manager at Brisbane-based Collins Foods, the operator of hundreds of KFC stores in Australia, Germany and the Netherlands, clicked an unsafe link.
This one simple action allowed anonymous attackers to briefly take control of the manager’s email account, which they then used to send additional phishing emails masquerading as invoices to an entire database of contacts.
The company was able to quickly spot and address the issue, notifying by email those it believed had been recipients of the fake invoices.
The issue was a much-needed reminder to all organisations of the need to remain alert, monitor processes and ensure procedures are in place for speedy responses.
How you can avoid email phishing attacks
- Never click on hyperlinks
Good practice is to avoid clicking on any hyperlinks included in an email. This is particularly important when you have received an email from an unknown sender.
If you do, however, feel the need to check out the website a link is associated with, you should always enter the URL into a web browser manually.
- Verify HTTPS
Whenever confidential information is being conveyed online, the address bar should always read “HTTPS” as opposed to the standard “HTTP”. The “S” confirms that the data is being conveyed through a secure, encrypted channel. It does not by itself confirm who operates the site, so also check that the domain name is the one you expect.
- Always check the “from” address
This is a relatively simple, yet often overlooked method for identifying potentially malicious email.
Copying the look of a trustworthy email or organisation is easy; the email address itself, however, is another can of worms.
Potentially malicious emails attempting to masquerade as the legitimate source often have additional numbers and letters in the email address, or even a misspelling of the legitimate organisation’s name.
- Never enter sensitive information into a pop-up window
Pop-up windows are often used by phishers to extract information or to direct you to unsafe sites. It is best to avoid pop-up windows altogether, unless they come from a source you know to be trustworthy.
- Keep antivirus and firewall current
While these both seem like rather obvious methods for avoiding attacks, you would be surprised by the number of people who fail to take this basic step.
Phishers, scammers and attackers are constantly changing and upgrading their schemes, so keeping your own protections current is an invaluable first line of defence.
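The “from” address check described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original article: the trusted domain list, the sample headers and the function names `classify_sender` and `edit_distance` are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allowlist of domains the organisation expects invoices from.
TRUSTED_DOMAINS = ("example.com", "example.org")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Classify a From header as 'trusted', 'lookalike', 'unknown' or 'invalid'."""
    _display_name, address = parseaddr(from_header)  # display name is ignored
    if address.count("@") != 1:
        return "invalid"
    domain = address.split("@")[1].lower().rstrip(".")
    if not domain:
        return "invalid"
    # Exact match, or a subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    labels = domain.split(".")
    for trusted in TRUSTED_DOMAINS:
        name = trusted.split(".")[0]
        # Misspelling: a character or two away from the real domain.
        if edit_distance(domain, trusted) <= max_distance:
            return "lookalike"
        # Extra letters or numbers wrapped around the real name.
        if any(name in label for label in labels):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        "Accounts <billing@example.com>",
        "Accounts <billing@examp1e.com>",
        "Accounts <billing@example-invoices123.com>",
        "Newsletter <news@unrelated.net>",
    ):
        print(f"{classify_sender(header):10} {header}")
```

A “trusted” result only means the domain text matches the allowlist. In the incident described above the fake invoices were sent from the manager’s real account, so they would pass this check and still need to be judged on their content.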
Sources:
https://www.itnews.com.au/news/when-an-it-manager-falls-victim-to-a-phish-487280
http://www.globallearningsystems.com/blog/post/10-best-practices-to-avoid-email-phishing-attacks/