Danny Bluestone is the Founder of Cyber-Duck, a UX focused digital transformation agency.
But it’s been a welcome reminder of the danger of phishing, and a good test of the process and security we have in place to defend ourselves. The attempts have included:
Emails that look like collaborative documents shared by colleagues.
Emails that are apparently from me, asking team members to purchase gift vouchers on my behalf.
Emails that are apparently from me, asking for people’s mobile numbers.
Some of them are pretty creative and they can also be quite convincing. Until you look more closely:
A spoof email from Danny
This email wasn’t from me and I don’t call him Rick🥲
Another fake email from Danny
This wasn’t from me and it doesn’t sound like me either.
With phishing attacks, the first line of defense for many businesses, including Cyber-Duck, is some form of email security software. In many cases, good software, properly configured, will block and trap phishing attacks before they get to your mailbox. That’s certainly the case here at Cyber-Duck. But the system is not infallible, and in many cases, it may only give you an 80% success rate.
This inevitably means that some phishing attacks will still get through and will land in people’s mailboxes.
And… another fake email from Danny
We train our team to check the ‘From’ field and to be careful clicking on links.
This is why employee training is a vital component of any business’s defense. Ideally, training is given through a layered approach as part of the induction and competency plan. Then, it should be reinforced via company-wide refreshers and regular reminders in weekly meetings.
Phishing emails aren’t that hard to spot. Here are four red flags to look out for:
This time it’s a spoofed phishing email from our HR team
Never log in to a webpage or service by clicking on an email — unless you’ve checked it’s legit.
One of the most important things we’re training our Ducks to do is ‘stop and check’. If they are at all unsure, get back in touch with the sender by starting a new email (don’t hit reply!), or phone them to ask. This check will quickly reveal if the email is a scam and could save the business from financial loss and embarrassment.
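As an added example that is not part of the original post, the short Python check below encodes two of the red flags described above for a mailbox filter or a training demo: a colleague’s display name sitting on an outside address in the ‘From’ field, and a Reply-To that would quietly send a reply somewhere else. The company domain, staff names and sample messages are constructed placeholders, not Cyber-Duck’s.

```python
# Added example (not from the original post): a defender-side header check for
# the 'From' field and reply-redirect red flags. Domain and names are assumed.
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"               # assumed placeholder domain
KNOWN_STAFF = {"danny bluestone", "hr team"}  # constructed directory of display names


def phishing_flags(raw_message: str) -> list[str]:
    """Return the red flags found in one message's headers (empty if none)."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    flags = []
    # Red flag 1: a known colleague's display name on an external address.
    if from_name.strip().lower() in KNOWN_STAFF and from_domain != INTERNAL_DOMAIN:
        flags.append(f"display name '{from_name}' but external address {from_addr}")
    # Red flag 2: hitting reply would go somewhere other than the visible sender,
    # which is why the post says to start a new email rather than reply.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append(f"Reply-To {reply_addr} differs from From {from_addr}")
    return flags


# Constructed sample messages, modelled on the spoofs described in the post.
SPOOFED = (
    "From: Danny Bluestone <ceo.office.0417@mail-example.net>\r\n"
    "Reply-To: danny.bluestone.urgent@mail-example.net\r\n"
    "Subject: Quick favour\r\n\r\nCan you buy some gift vouchers for me?\r\n"
)
GENUINE = (
    "From: Danny Bluestone <danny@example.com>\r\n"
    "Subject: Weekly meeting\r\n\r\nSee you at 10.\r\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, phishing_flags(raw) or "no flags")
```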
While security software offers some protection, there is no substitute for well-trained, vigilant staff — they’re a critical line of defense.
Also published on https://danny-bluestone.medium.com/phishing-attacks-watch-out-for-these-four-red-flags-e0a6634be976