
How to determine the authenticity of unexpected emails

For financial professionals only

In May 2021 Ireland’s public health care system (HSE) was hit with ransomware, encrypting over 80% of its systems. The attack started with a phishing email: an employee clicked on a malicious Microsoft Excel file, allowing the attackers to capture the user’s credentials and access the internal network.

I can only imagine how the employee felt in the aftermath as 54 hospitals experienced downtime and appointments were cancelled, costing hundreds of millions in recovery efforts. The HSE have publicly shared details of the attack and noted they didn’t have any cyber security staff. This suggests the employee hadn’t received any training about how to spot phishing emails.

What is phishing?

Phishing is a scam which uses social engineering tactics to trick you into taking an unfavourable action, such as downloading malicious software or clicking a fake link and logging into an imitation of your account.

In the first half of 2021, phishing attacks in the financial sector increased by 22% compared to the same period in 2020, and by 38% for financial apps [2]. Financial information is lucrative for hackers, who can exploit it to make transactions, perpetrate fraud or sell it on to other criminals.

As we shifted to working remotely, businesses increasingly adopted cloud-based applications. As a result, malware delivered via cloud apps is increasing, up 61% in 2021, compared with 48% in 2020 [3]. Attackers are setting up free accounts and sharing malicious links or files via popular cloud apps. When a file or link is shared, the notification email originates from a well-known brand such as Microsoft or Google and so evades security gateways. This increases the chance of success, as the target is more likely to trust this type of email.

With an estimated 90% of all successful data breaches starting with phishing [1], it’s important to take steps to protect you and your customers.

How to spot phishing

  • Review the email address – look out for impersonations of trusted brands or people. Attackers can’t send emails from a company’s real domain name, so they tend to use generic accounts such as ‘hsbc@gmail.com’.
  • Check the legitimacy – inspect any URLs in the email by hovering over them before clicking.
  • Consider the request – were you expecting to receive it? Are you being asked to action something urgently? Look for inconsistencies; requests such as ‘send these details within 24 hours’ or ‘you have been a victim of fraud – click here immediately’ are signs of phishing.
  • Don’t automatically trust emails from known contacts such as clients, colleagues or friends – their account may be compromised. Phone them to check; you could be helping them take back control of their account and information.
  • Consider the format of the email or text – phishing emails are typically generic and refer to you as a valued customer, friend, or colleague – rather than by name.
  • Beware of URL redirects – pay attention to subtle differences in website content.
  • Remember cloud app emails can contain malicious files and links – ignore requests you’re not expecting to receive.
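As an added illustration of the checks in this list (example code written for this page, not part of the original article), the following Python script applies them to a constructed message: a brand name in the display name on a free-mail address, a generic greeting, a deadline, and a link whose visible text differs from its real destination. The free-mail domain list, the phrase patterns and the sample email are assumptions chosen for the demonstration.

```python
import email, re
from email import policy
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}  # generic mailbox providers (assumed list)
URGENCY = re.compile(r"within 24 hours|immediately|urgent", re.I)
GENERIC = re.compile(r"dear (valued )?(customer|friend|colleague)", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)  # simple, for well-formed HTML

# Constructed sample (not a real email): brand in the display name on a free-mail address,
# generic greeting, a deadline, and a link whose visible text differs from its real target.
SAMPLE = """\
From: "HSBC Customer Services" <hsbc@gmail.com>
Subject: Action required on your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear valued customer,</p>
<p>We detected unusual activity. Verify your details within 24 hours to avoid suspension.</p>
<p><a href="http://hsbc-verify.example.net/login">https://www.hsbc.co.uk/login</a></p></body></html>
"""

def hostname(url):
    """Host part of an http(s) URL, lower-cased; empty string if the text is not a URL."""
    m = re.match(r"https?://([^/:?#]+)", url.strip())
    return m.group(1).lower() if m else ""

def phishing_indicators(raw):
    """Return the red flags found in a raw RFC 5322 message, following the article's checklist."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if name and domain in FREE_MAIL:  # a display name dressed up as a brand, but a generic mailbox
        findings.append(f"display name '{name}' but sender domain is {domain}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    if GENERIC.search(body):
        findings.append("generic greeting instead of your name")
    if URGENCY.search(body):
        findings.append("urgency or deadline language")
    for href, text in ANCHOR.findall(body):  # the programmatic version of hovering over a link
        text = re.sub(r"<[^>]+>", "", text).strip()  # strip any tags nested inside the anchor
        if text.startswith("http") and hostname(text) != hostname(href):
            findings.append(f"link shows {hostname(text)} but goes to {hostname(href)}")
    return findings
```

Running `phishing_indicators(SAMPLE)` reports all four red flags; a plain message from a colleague's own domain with no links or deadline reports none.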

If you think the email could be genuine

Phone the sender using contact details you look up yourself (for example via Google) rather than any given in the email. If you believe there’s an issue with your account, go to the website directly (rather than clicking any links) and log in as you usually would. This way, you’ll never be caught out by a fake website or telephone number.

If you think you’ve been a victim of phishing

Change your password for the account immediately. If you’ve reused this password across any other sites, update your password there too. If you believe you’ve downloaded a malicious file, you should run an anti-virus scan.

How to prevent 99% of attacks

Set up Multi-Factor Authentication (MFA), especially for high-risk accounts. Then, even if your password is leaked, the attacker will be unable to access your account without the MFA-linked device.

For guidance on setting up MFA, visit the government’s National Cyber Security Centre.

References:

[1] https://umbrella.cisco.com/info/2021-cyber-security-threat-trends-phishing-crypto-top-the-list

[2] https://www.upguard.com/blog/biggest-cyber-threats-for-financial-services

[3] https://www.securitymagazine.com/articles/94702-majority-of-malware-now-delivered-via-cloud-apps#:~:text=Malware%20delivery%20continues%20to%20shift,three%20(36%25)%20phishing%20campaigns.