Gone Fishin’

Or did I mean Phishing?

I read that this Friday 25 November is the official start of the shopping ‘silly season’.  Black Friday and then Cyber Monday, more American imports to our shores, kick off the spending frenzy to Christmas.

But it appears that shopping is not the only frenzy that this season brings.  According to a recent ITGovernance blog, the Anti-Phishing Working Group (that is for real) reports an increase in Phishing during the Christmas period.  Last year there was a 250% increase in Phishing attacks between December 2015 and March 2016.

I would suspect this will increase this year if my personal experience is anything to go by.  Already this week I have seen 100 emails in my spam folder offering me ‘too good to be true’ Black Friday offers and as I write, it is only pale grey Tuesday (PM).  I don’t know what my mailbox will look like on Thursday!

Taking a look at the latest Phishing trend analysis one can see why this is probably a popular time of year.  43% of Phishing attacks are targeted at the Retail/Service sectors and 13% at Payment Services, a total of 56% covering the most popular sectors at this time of year.

The increase indicates that this approach to spreading malware or gaining access to data and/or networks is effective.  This has to raise concerns for business.  How many business owners have trained their staff to spot potential Phishing scams?  I bet it is not many.  Most will assume that by employing intelligent adults they are safe.  Not true.  Phishing is getting sophisticated and some attempts are not easy to spot.

If I employed staff, I would expect to:

  • Brief my staff on relevant health and safety annually;
  • Brief them on the fire procedure annually and have at least one practice;
  • Brief my staff on how to stay safe on-line.

On this latter point there are loads of resources on-line, but for a few hundred quid isn’t it worth getting an expert with up-to-date knowledge into your organisation to give proper guidance?  No!  Well, here are some people who would probably now pay that:

  • A small soft furnishing company who clicked on an invoice link in an email.  It was a malicious link containing ransomware.  All their files were encrypted and it cost them over £2000 to recover their data.
  • The not-for-profit organisation whose head of finance received an email from the CEO asking for urgent payment to a supplier.  The CEO’s email had been spoofed, he never sent it and £10,000 was transferred to a fraudster.
  • The world-leading heart hospital that narrowly missed a ransomware attack.  A nurse unwittingly clicked on a link in an infected email.  Thanks to the ‘lucky’ timing of a backup they escaped, but it was luck, not judgement.

Featured Image by Snuzzy used under creative commons licence