ENLG Rs 19.90
  • Search by keywords
  • Search by hashtags
What are you looking for
What are you looking for
#

Inside

April 16, 2020

Beware of phishing: Helping employees fight cyber-attacks

The COVID-19 pandemic has created fertile ground for cyber-attacks, tricking employees into parting with sensitive data and into compromising corporate information systems. This week, Vikas Sharma, ENL’s Chief Information Security Officer, puts the spotlight on phishing.

 

Cyber-attacks have increased with the rapid worldwide spread of the COVID-19 pandemic. Cyber criminals are targeting employees as soft targets, knowing they are the organisation’s first line of defense. In an on-going endeavour to equip ENL teams with information and best practice to ward off cyber-attacks, this week we are taking a closer look at phishing. The end objective is to protect ourselves by being suspicious of emails from unfamiliar sources.

What is phishing? It is a cyber-attack where criminals disguise malicious emails and websites to trick people in clicking links, opening files or giving sensitive data.

What are the cybercriminals after?

Business email compromise (BEC) scams are designed to trick victims into transferring sensitive data or funds — personal or corporate — to the cybercriminal’s accounts. They also aim to steal credentials so they can infiltrate organisations and compromise information systems, especially corporate payment systems, as well as the quality of services. If successful, the attacks can open the doors to more fraud.

Malicious actors typically pose as a trusted organisation (banks, merchants) or individual (co-worker, manager, IT administrator) to target employees.

Beware of the following cyber-attack techniques:

Social engineering scams proliferate in the wake of natural disasters, terror attacks and request for payment transfer.  Here are some COVID-19-related tactics that have emerged.

  1. Emails masquerading as government announcements

Threat actors are sending phishing and BEC emails disguised as government announcements. Fraudulent emails have included logos and other imagery associated with the World Health Organization (WHO) or Ministry of Health (MoH). Emails include links to items of interest, such as "updated cases of the coronavirus near you." Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.

  1. Email Spoofing (tricking) with false advice and claim

We have seen a rise in malicious emails directing recipients to educational and health-related websites riddled with malware or deceiving the identity of corporate employee to perform business related activity. Such e.g. may read:

  • “Go through the attached document on safety measures regarding the spreading of coronavirus. This little measure can save you.”
  • “Request for transfer of funds to suppliers on a specific account or update your bank personal information or payroll related information request”

Such email entices users to click and run malware in the background or to steal the personal and financial information of the victim.

  1. False charity

Another phishing campaign involves emails designed to mimic the genuine website, soliciting donations to fight the spread of the virus. The emails appeal to recipients’ altruism, urging victims to donate into a Bitcoin wallet or to make other types of payments. Other malicious actors may create fraudulent charities.

Helping our employees fight cyber attacks

Threat-aware employees are the first line of defense against cyber intrusions.  As has been proven time and time again, it only takes one. One click, one missing endpoint agent, one failed alert, one unsuspecting employee, and the adversary can proclaim victory over your network.

Heightened awareness can be a powerful antidote. To protect from a social engineering attack, coach all employees to take these precautions.  

Assure your employees that heightened awareness can be a powerful antidote. To protect from phishing attacks, all ENL employees MUST take these precautions:

  • Be sceptical of emails from unknown senders or familiar people (like your company’s CEO or CFO) who do not usually communicate directly with you.
  • Don't click on links or open attachments from those senders.
  • Don't forward suspicious emails to co-workers.
  • Examine the sender's email address to ensure it's from a true account. Hover over the link to expose the associated web addresses in the “to” and “from” fields; look for slight character changes that make email addresses appear visually accurate — a .com domain where it should be .gov, for example.
  • Note grammatical errors in the text of the email; they’re usually a sure sign of fraud.
  • Report suspicious emails to the IT or CISO office through Incident Reporting Platform
  • Validate if corporate-approved anti-phishing filter on browsers and emails are installed.
  • Use the corporate-approved anti-virus software to scan attachments.
  • Never donate to charities via links included in an email; instead, go directly
Return to magazine homepage
Read this next
#Inside
April 19, 2024
L’innovation au cœur de la collaboration entre Decathlon Maurice et l’équipe TOPEX
Read More
#Inside
March 20, 2024
5 jeunes partent à l’abordage du CFA Challenge
Read More
#Inside
January 18, 2024
Rapprochement annoncé des sièges sociaux d’ENL et de Rogers
Read More
#Inside
December 12, 2023
ENL récompense ses champions de l'éthique
Read More
Follow us on Social Media
Land & Investment
Agribusiness
Real Estate
Hospitality
Finance & Technology
Logistics
Commerce & Manufacturing
Key Investments
  • Rogers Group
  • Eclosia Group
  • SWAN Group
  • New Mauritius Hotels
  • Semaris

We use cookies to give you the best browsing experience while visiting our website. If you continue without changing your web browser settings, we'll assume that you agree to our cookies policy.

Accept and close