Be Cyber Safe: Three things to look out for this Christmas

We understand that everyone is busy trying to close out work before the holidays and it is easy to rush through things, but we urge you to remain on the lookout for any suspicious activity. Below is a list of the most common attacks you may encounter, how to spot them and how to handle them.

 

Phishing

“Phishing” is the most common type of cyber-attack. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.

Outlined below are a few different types of phishing attacks to watch out for:

    • Phishing: Hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
    • Spear Phishing: A more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to your company in the e-mail to trick you into thinking they have a connection to you.
    • Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.
 
Whaling

Whaling is a type of scam aimed at getting an employee to transfer money or send sensitive information to a hacker acting as a trusted source via email. Whaling is extremely easy to fall for and can result in significant financial losses.

These e-mails can be difficult to catch because they appear harmless, with a normal, friendly tone and no links or attachments. They will appear to come from a high-level official at the company, typically the CEO or CFO, and often ask you to disclose sensitive information or initiate a wire transfer.

A few things to watch out for in a typical whaling attempt:

  • Doppelganger: Whalers may utilize fake e-mail domains that look similar to your domain.

  • A hurried tone: Whalers will often ask you to send money immediately, stating that they are busy or in a meeting, and can’t do it themselves.

  • E-mail only: Since whaling relies on impersonating an employee via a fake yet similar e-mail address, the sender will ask you not to call with questions and to reply only through e-mail.

   
Ransomware

Ransomware is increasingly being used by hackers to extort money from companies. It is a type of malicious software that takes over your computer and prevents you from accessing files until you pay a ransom.

If your computer is infected with ransomware, you will typically be locked out of all programs and a “ransom screen” will appear. In the unfortunate event that you click a link or attachment that you suspect is malware or ransomware, please notify IT immediately.

Although we maintain controls to help protect your networks and computers from these types of attacks, attack scenarios change quickly, so we rely on you to be our first line of defence.

To avoid these attacks, please observe the following email best practices:

  • Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
  • Do not provide sensitive personal information (like usernames and passwords) over email.
  • Watch for email senders that use suspicious or misleading domain names.
  • Inspect URLs carefully to make sure they are legitimate and not imposter sites.
  • Do not try to open any shared document that you are not expecting to receive.
  • If you cannot tell if an email is legitimate or not, please raise a ticket with Scop Logic and we will investigate.
  • Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.

Remember, nobody from should ever request personal information, usernames, passwords, or money from you via email.

We appreciate you helping to keep your network, and people, safe from these threats during this holiday season.

If you have any questions or concerns, please contact us on 1300 732 823 and we will assist in any way we can.
