Enterprise Software Blog - Professional Advantage

How to spot a phishing email

by Professional Advantage, 1 week ago

While an organisation’s employees are its most valued asset, they are also, potentially, the weakest link in its IT security defence framework (technology, policy enforcement, and people behaviours) and in its capability to protect against, defend against, and respond to threats coming into the organisation via email. Cybercriminals target employees at every organisational level, and those who are not aware of their tactics and means can easily and innocently fall for them. Such was the case for these organisations that we encountered previously:

  • An international and very high profile government authority suffered a very serious phishing attack. Their finance team received two invoices from separate supplier entities via email, both of which looked very authentic, with electronic funds transfer details and links. The problem was that the invoices came from corporate entities that were subsequently identified as fake and set up by bad actors, and this was regrettably identified only after the invoices were paid and the funds transferred. The government entity unfortunately suffered serious financial losses of approximately US$300,000.
  • An Australian organisation risked losing approximately AUD$1,000,000 after their bank received an email seeking release of funds for a supplier to a nominated bank account. The email seemed to come from this organisation but their bank’s fraud detection systems identified anomalies with the email domain format of the senders of both invoices. The organisation’s bank checked with them to verify if their instructions were true and valid. Fortunately, they both came to a realisation that it was a scam email and attempted fraud, and stopped the release of the funds to the bad actors.  
  • Our final story involves another Australian organisation whose business IT operations stood completely still for three weeks after a successfully executed, malicious and destructive phishing attack via email was followed by a ransomware request. This attack brought their critical corporate IT infrastructure to its knees and eliminated all staff access to applications and systems for the 3 weeks until the situation was resolved with the bad actors.

Cybersecurity threats, in general, pose real and serious risks to all businesses today, including but not limited to:

  1. Financial loss from substantial fines to government regulatory authorities for security related compromise events.
  2. Temporary or permanent loss of valuable business data and identity theft.
  3. Operational disruption and staff productivity losses.
  4. Damage to one’s organisational brand reputation and public image.

These risks can happen to your business as a result of a malicious email that your people probably wouldn’t know or identify as suspicious, even if it is right in front of them. A small effort towards education and making your people aware of how to spot a phishing email will go a long way towards reducing the risk of occurrence and further securing your IT operations environment.

What is Phishing?

According to Microsoft, phishing is an attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication that often appear to come officially from legitimate organisations (commercial, government, not-for-profit, education) or individuals. It is a practice used by cybercriminals to entice users to reveal personal information, like passwords or payment details, from which they seek to profit commercially. Common phishing techniques include invoice phishing, payment or delivery scams, file downloads, and emails that deliver threats such as ransomware in an attachment.

How to detect a Phishing Email

The key to prevention is awareness and education, so we’re sharing with you some of our pointers on how to spot a phishing email:

Unusual, urgent request

Does the email message ask you to perform an unusual activity like changing your password or updating your bank information? Does it require you to take urgent action for a strange request? If it smells “phishy”, it must be! Banks and many authentic organisations do not typically ask for personal credentials via email, so do not give them up that easily.

[Image: Phishing Email - Unusual urgent request]

Suspicious links or attachments

Think before you click. Be wary of misspelt website domain names or bizarre links. Check that the link will go to a legitimate website by hovering over it first. Do not open abnormal links or attachments until you can verify them with the sender by calling them.

[Image: Phishing Email - Suspicious links or attachments]

Dubious sender

Does the “From:” field have a matching email address? Legitimate companies would normally use a matching sender name and business email address. In the sample below, the sender’s name is ‘Yahoo business Email’ but it goes to psmc_jdcantillo[a]yahoo.com.

[Image: Phishing Email - Dubious sender]

Badly written email

Phishing emails typically contain odd phrases and grammatical errors. A badly written email like the one below, coming from a well-known corporate or government entity brand, is one of the sure signs of a phishing email.

[Image: Phishing Email - Badly Written Emails]

What to do when you encounter a phishing email

Being overly cautious is better than having regrets in the future for not taking action. Don’t ever hesitate to report to your IT department a suspicious-looking email. You may also contact the sender by calling them on the phone to confirm.

If you are using Office 365, you should turn on its built-in Multi-Factor Authentication (MFA) function for additional security and safety. Back up your data so you still have a copy of your files in case you fall victim to a phishing trap.

Need assistance with a cybersecurity incident or to broaden and deepen your defences? Contact Professional Advantage. Complete the form below and our Security Specialists will be in touch.

Professional Advantage

Professional Advantage is an international IT consulting and solutions company, with 30 years of experience in helping organisations achieve more by improving their business systems through industry leading software solutions. Originating in Australia, it is one of the country’s most awarded solution providers. The 250-strong team covers seven offices across three continents, and has successfully worked with over 1000 organisations.
