What is Phishing?
“Phishing” is the most common type of cyber-attack that affects organisations. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details.
Although organisations maintain controls to help protect their networks and computers from cyber threats, they rely on users to be their first line of defence.
We have recently seen an increase in phishing emails that impersonate Microsoft 365 Business invoices and tell recipients that their subscription is about to expire.
The phishing email is similar to the one below:
To avoid these phishing schemes, please observe the following email best practices:
Do not click links or open attachments from senders that you do not recognise. Be especially wary of .zip or other compressed or executable file types.
Do not provide sensitive personal information (like usernames and passwords) over email.
Watch for email senders that use suspicious or misleading domain names.
Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
Do not try to open any shared document that you’re not expecting to receive.
If you can’t tell if an email is legitimate or not, please [INSERT COMPANY PROTOCOL].
Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
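The sender-domain, URL and attachment checks listed above can also be applied automatically when triaging reported mail. The Python below is an added example, not part of the original notice; the trusted-domain list, brand words, risky extensions and the .example sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed values for illustration (not from the page); set them per organisation.
TRUSTED = ("microsoft.com",)
BRAND_WORDS = ("microsoft", "office")
RISKY_EXT = (".zip", ".7z", ".rar", ".exe", ".iso")

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def check_email(msg):  # msg: EmailMessage; returns findings in checklist order
    findings = []
    domain = msg["From"].addresses[0].domain.lower()
    known = any(domain == d or domain.endswith("." + d) for d in TRUSTED)
    if not known and any(w in domain for w in BRAND_WORDS):
        findings.append("brand name in untrusted sender domain: " + domain)
    body, parser = msg.get_body(preferencelist=("html",)), LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        shown, real = urlsplit(text).hostname, urlsplit(href).hostname
        if shown and real and shown != real:  # visible URL differs from the real target
            findings.append(f"link shows {shown} but opens {real}")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            findings.append("risky attachment type: " + fname)
    return findings

def sample_message():  # constructed sample; the .example domains are made up
    msg = EmailMessage()
    msg["From"] = "Microsoft 365 Billing <billing@microsoft-billing.example>"
    msg.set_content('<a href="https://pay.microsoft-billing.example/r">'
                    'https://www.microsoft.com/renew</a>', subtype="html")
    msg.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename="Invoice.zip")
    return msg
```

Calling check_email(sample_message()) returns one finding per tripped check. A link whose visible text is not a full URL is skipped by the mismatch check, so this complements the manual inspection described above and does not replace it.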