Don’t Take the Bait: Beware the Latest Phishing Scam


Just when you mistakenly thought you were safe, another phishing scam makes the headlines. Actually, by now you should realize that you can never be completely safe. Cybersecurity is all about constant vigilance.

Our job at the Cyber Readiness Institute (CRI) is to make sense of this latest headline for small and mid-size enterprises (SMEs), look at its implications and offer some guidance on what you can do.

Emotet is malware that gets delivered through phishing emails. It’s been around for a while, and until now large banks and financial service companies were the primary targets. Now, it’s being used to send fake invoices to the customers of banks and financial service companies. You may have received one already. Like most attacks, the phishing email has an attached document. Don’t open the attachment.

But as we know, and the hackers know, all it takes is one person opening the attachment for bad things to happen. The attachment installs malicious code on your computer that creates a backdoor, giving the hackers access to all of your data, AND it takes over your email so they can send more phishing emails from your computer. Ouch.

You can read more about Emotet here:

https://www.zdnet.com/article/this-latest-phishing-scam-is-spreading-fake-invoices-loaded-with-malware/

Here are the big take-aways for SMB owners and managers:

1.    All it takes is one person in your organization to open the attachment and the pain starts.

2.    Human behavior is a key part of basic cyber readiness, so training your people on the basics, like phishing and updating software, is critical.

3.    Your company may not be the ultimate target for the hackers, but a gateway to the intended target. They may try to get at you to get into your bank.

Here are some quotes from the ZDNet article that reinforce our key message.

·      “In order to protect against Emotet malware, it's recommended that users are wary of documents asking them to enable macros, especially if it's from an untrusted or unknown source. Businesses can also disable macros by default.”

·      “Organizations should also ensure that operating systems and software are both patched and up-to-date as this can really help to stop malware being successful as many attacks use known vulnerabilities that can readily be patched against.”
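To back up the macro advice above with a technical check, the following added example (not code from CRI or ZDNet) shows how a mail filter could hold attachments that can carry macros before anyone opens them. The function names, the verdict labels and the sample email are assumptions constructed for this illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container signature

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole' or 'not-flagged' for one attachment body."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office files can carry macros; confirming needs an OLE parser.
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "not-flagged"
    # Macro-enabled OOXML files keep their VBA project in a part named vbaProject.bin.
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "macro"
    return "not-flagged"

def risky_attachments(raw_eml: bytes) -> list:
    """List (filename, verdict) for every attachment that should be held for review."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        verdict = classify_attachment(part.get_payload(decode=True) or b"")
        if verdict != "not-flagged":
            hits.append((part.get_filename(), verdict))
    return hits

def _office_zip(names):  # constructed stand-in for an OOXML file: a zip of named parts
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder")
    return buf.getvalue()

def build_sample() -> bytes:  # constructed fake-invoice email, sample data only
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    files = {"invoice.docm": _office_zip(["word/document.xml", "word/vbaProject.bin"]),
             "notes.docx": _office_zip(["word/document.xml"]),
             "statement.doc": OLE2_MAGIC + b"\x00" * 64}
    for name, body in files.items():
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```

The check looks at file content rather than the file name, so a renamed attachment is still caught; it complements disabling macros by default and does not replace it.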

What can you do in your company? Here are a few tips:

1.    Appoint a Cyber Leader at your company to take responsibility for your cyber readiness.

2.    Share information with your employees about current threats – like Emotet.

3.    Focus on the human behavior in your company. Provide clear, simple policies for employees to follow on four core cyber readiness issues:

a.    Passwords

b.    Phishing

c.     Software updates

d.    Removable media (i.e. USBs)

For free resources and more information, get in touch with me (cmoss@cyberreadinessinstitute.org) or go to www.cyberreadinessinstitute.org. Be Cyber Ready. Be Cyber Strong.
