As discussed in our recent SPAM article, phishing is a very worrying type of spam, and we will now expand on the subject.
Phishing is a method of fraudulently acquiring logins, passwords, credit card numbers and other sensitive information.
An example would be an email, apparently from a bank, enticing you to click on a link and provide your online banking login details. These scams often state something along the lines of: ‘We have lost your details, please click here and login to ensure your money is safe’. They send this to millions of people, so at some point a recipient will bank with this organisation and will unwittingly click on the link, which opens a website that looks very similar to, if not exactly like, the bank’s website, where the victim is asked to provide their login details. Unfortunately this website will not be the bank’s but the fraudsters’. The response from the page will probably be something like ‘Thank you for your confirmation, we will contact you shortly’. At this point the fraudsters have the login details and can transfer the unfortunate recipient’s money into their own bank account!
Some argue that employers could be liable for staff losses if the loss results from an email received at work. It is therefore important that companies and employers take reasonable steps to inform staff of the risks and implement systems to reduce the chances.
Phishing is looking more and more ‘professional’ by the day, and the culprits appear to be diversifying into different types of scam as more people become aware of the banking scams. Now they are looking to obtain eBay and PayPal logins, where recipients are less suspicious. There is also the potential for someone to email people within larger organisations, masquerading as the ‘systems administrator’, IT Manager or similar, in an attempt to secure the staff member’s login details to their corporate computer network and so obtain further sensitive information. More businesses are using online banking, so the unwitting employee (who may have the company’s login details) may give them away to a scam artist in this manner.
How Do We Protect Our Staff & Organisation?
Policy
Finn Consultants recommend that all companies have an Internet and Email Policy that informs employees of the rules for using the internet and email, and of the risks and how to avoid them. You should ensure that all staff members have read and signed the policy.
Anti-Phishing Solution
Anti-Virus and Anti-SPAM solutions can also include Anti-Phishing elements, which treat these types of scam as viruses. The correct solution varies with each organisation; impartial advice will help ensure you get the correct solution.
Website Filtering
Some Internet Firewalls can block access to ‘black-listed’ or known fraudulent websites; they can also block suspicious websites. Alternatively, many Firewalls can be configured to allow only specific work-related websites if this suits the organisation, thus blocking access to any website not specifically allowed.
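The difference between the two filtering approaches described under Website Filtering, as an added example that is not part of the original article: a look-alike host that is not yet on the block-list gets through, while an allow-list of work-related sites rejects it. All host names and list entries are constructed for illustration.

```python
# Added example: block-list versus allow-list URL filtering.
# Every host name below is constructed sample data.
from urllib.parse import urlsplit

BLOCKLIST = {"phish.example.net"}                          # known fraudulent site
ALLOWLIST = {"bank.example.com", "intranet.example.org"}   # work-related sites


def _host(url: str) -> str:
    """Return the lower-cased host of a URL, or '' if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        host = ""
    return host.rstrip(".").lower()


def _matches(host: str, entries: set) -> bool:
    """True if host equals an entry or is a subdomain of it.

    Matching on a dot boundary (not a substring) stops
    'bank.example.com.evil.example.net' from matching 'bank.example.com'.
    """
    return any(host == e or host.endswith("." + e) for e in entries)


def decide(url: str, mode: str) -> str:
    """Return 'allow' or 'block' for a URL in 'blocklist' or 'allowlist' mode."""
    host = _host(url)
    if not host:
        return "block"  # unparseable URL: fail closed
    if mode == "blocklist":
        return "block" if _matches(host, BLOCKLIST) else "allow"
    if mode == "allowlist":
        return "allow" if _matches(host, ALLOWLIST) else "block"
    raise ValueError(f"unknown mode: {mode}")


SAMPLES = [
    "https://bank.example.com/login",                      # the real site
    "http://phish.example.net/bank/login",                 # already black-listed
    "http://bank.example.com.secure-login.example.net/",   # look-alike, not yet listed
    "http://bank.example.com@phish.example.net/",          # real name only in userinfo
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{decide(url, 'blocklist'):5} {decide(url, 'allowlist'):5} {url}")
```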
The solutions above can be software-based solutions on each computer, server software/hardware solutions, or can be provided as a Managed Service requiring little or no hardware/software installed on your site.
Finn Consultants can advise on and implement the solution that suits your needs; call us now.