Phishing: don't let them fool you
Phishing, an attempt to obtain sensitive information via email, is a form of internet fraud. Via email (but also by telephone), senders who at first glance appear to be trustworthy authorities, such as a bank or credit card company, ask for your login details, PIN codes or credit card information, or ask you to transfer a sum of money.
Cybercriminals, however, do not only “phish” for personal information from private individuals. They also try to enter corporate networks or to obtain system login information, for example to steal sensitive business information, or to sabotage networks or hold them hostage with ransomware. As a result, corporate networks are shut down and processes stop running. Theft of sensitive information (a data breach) can be followed by a high fine under GDPR legislation, or your company may end up in the news in a negative way (reputational damage).
Phishing is also used to steal money through so-called CEO fraud. In a case of CEO fraud, an employee in a company's financial administration receives an email in which a cybercriminal poses as "the boss". In large organizations this is usually the CEO or CFO. The email instructs the employee to transfer a substantial amount of money.
Phishing has been around for a long time and remains a major problem for organizations, because phishing emails are getting better and are often difficult to recognize. Most organizations use, among other things, good spam filters to ensure that many of these emails are blocked. Yet a phishing email can still end up in an employee’s mailbox. Therefore, you should always be alert to phishing.
Kiwa has listed tips for recognizing phishing. Download the free infographic here.
Secure your business with Kiwa
Kiwa offers various services to help you to deal with information security, including ISO 27001 certification. For more information, please have a look at this page.