It is not just emails that are used as a point of access
Although the use of email for the purposes of phishing is very common, it is not the only source; SMS messages, phone calls and instant messages can also be used to this end. Bearing in mind that malicious communications are progressively more difficult to detect, make sure that both you and your team are asking yourselves these questions before taking action:
- Were you expecting the message?
- Do you know the sender?
- Are you being asked to click on a link, share information or download a file?
If in doubt, verify the information with a trusted source, such as an official website or telephone number stored in your list of contacts. If you fail to verify the information, report it.
Infographic: How to detect phishing
Be aware of the threats
- Untargeted attacks: The most common type of phishing targets a large volume of people, claiming to be from a well-known brand or company, as it is more likely that the potential victim has an established relationship with them. This is one of the most commonly used techniques as part of ransomware attacks.
- Spear phishing or targeted attacks: Este tipo de phishing se dirige a personas y roles específicos dentro de una empresa. Utilizando información disponible públicamente e ingeniería social, los ciberdelincuentes recopilan gather details about victims to create credible messages and deceive them into sharing confidential information or making a payment, as is the case in CEO fraud.
- Keep your communications consistent and personal, citing reference numbers, using the same font type and design, standardising employee signatures, etc.
- Report any change in advance, so that customers and suppliers are aware, for example, if you change the email address from which you send invoices or confirm orders, informing them of the change in advance using the old address.
Make it more difficult for your identity to be stolen
Cybercriminals might also try to claim to be from your company and deceive your customers or suppliers. To help prevent this from happening: