It still concerns me that I continually hear of people losing lots of money because they were caught by a Phishing Scam.  In case you don’t know what a Phishing Attack is (where have you been….) let me put a definition here:-

What is a Phishing Attack? 

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack or the revealing of sensitive information.

Interestingly, over 50% of these attacks involve brand impersonation, with the top 10 impersonated brands listed below:-

  1. Microsoft
  2. Netflix
  3. PayPal
  4. Bank of America
  5. Chase
  6. DHL
  7. Facebook
  8. Docusign
  9. LinkedIn
  10. Dropbox

Microsoft accounts for 37% of all brand impersonation, with Netflix a distant second.  Whilst Microsoft Office 365 email security is extremely advanced and one of the best in the world, over 25% of all Phishing attacks against O365 are NOT caught by their system and end up in the recipient’s mailbox.  My recommendation is that, whilst you need to be careful whenever you click on a link in an email, you should be extra careful with any email that appears to come from one of the companies listed above.  Peak days are Tuesdays and Wednesdays, but you can receive these emails any day of the week.  Fundamentally, never click on a link from anyone just because it looks legitimate.  Check these three things first.

  1. If you do not normally receive emails from this person, be suspicious.
  2. If the email has poor spelling, be suspicious.
  3. Hover your mouse over the link; if the URL shown is not from the company the email claims to be from, be suspicious.
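As an added illustration of the third check (this is example code, not part of the original post), the small Python script below applies the "hover and compare" rule to the link targets behind an email's links, including a few lookalike forms that make a link appear to belong to the company when it does not. The sender address and the link list are constructed samples, and the domain-matching helper is a deliberately simplified assumption.

```python
from urllib.parse import urlparse

# Constructed sample: the From: address and the link targets you would see
# when hovering over each link in the message body.
SAMPLE_SENDER = "service@paypal.com"
SAMPLE_LINKS = [
    "https://www.paypal.com/myaccount/summary",             # genuine host
    "https://www.paypal.com.account-verify.example/login",  # brand used as a prefix
    "https://paypal.com@account-verify.example/login",      # brand placed before '@'
    "http://203.0.113.10/paypal/login",                     # bare IP address
]


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname.  Assumes a two-label public
    suffix, which is enough for this illustration; a real tool would consult
    the Public Suffix List (e.g. for .co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_matches_sender(sender: str, url: str) -> bool:
    """Check 3 above: does the link's host belong to the sender's domain?
    urlparse is used so that userinfo ('brand@host'), ports and paths are
    interpreted the way a browser would, rather than by substring matching."""
    host = urlparse(url).hostname  # None for mailto:, javascript:, etc.
    if host is None:
        return False
    # A bare IP address is never the sender's company.
    if host.replace(".", "").isdigit():
        return False
    sender_domain = sender.rsplit("@", 1)[-1]
    return registrable_domain(host) == registrable_domain(sender_domain)


def suspicious_links(sender: str, links: list[str]) -> list[str]:
    """Return the links a reader should treat as suspicious."""
    return [u for u in links if not link_matches_sender(sender, u)]


if __name__ == "__main__":
    for url in suspicious_links(SAMPLE_SENDER, SAMPLE_LINKS):
        print("SUSPICIOUS:", url)
```

Note that the From: address itself can be forged, so this check only confirms that a link does not even match the claimed sender; a match is not proof that the email is genuine.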

If you do click a link and nothing appears to happen, be very concerned and ask IT to check your computer immediately.

Many Phishing scams aim to get you to enter your email credentials, then use those credentials to access your email and in some way take something from you, such as money.

The easiest way to avoid someone hacking into your email, even if they have your email address and password, is to enable 2FA (Two Factor Authentication) on your email.  2FA is NOT CONVENIENT, as it will occasionally require you to enter a code from your phone (either SMS or a 2FA application), but the inconvenience of losing a lot of money from your bank account must always be worse.

If you are using Office 365 and your provider has not enabled 2FA then get them to do so immediately or call FunctionEight for help.

Written by

Phil Aldridge

Partner of FunctionEight Limited.