Question

Write a short "newsletter" article (3 to 5 paragraphs) for the non-technical managers and employees at Sifers-Grayson to explain the following:

(a) What is Phishing? (Focus on phishing emails and targeted attacks that include spear phishing and whaling.)

(b) What "bad things" can happen when a successful phishing attack gives outsiders access to company networks and computers?

(c) How can employees avoid "biting" on a "phish?"

(d) How should employees report phishing attacks? Why is immediate reporting critical to stopping the attackers?

Answer 1

a) Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.

b)Phishing steals identities and wrecks lives. It affects everyone, from the top manager to lower employees, who have never heard of internet scams. The worst part is that though phishing is now more than a decade old, many people are not familiar with how it works and still fall victim to this scam.Let us look at some of the ways in which successful phishing works.Using data to access a victim’s account and withdrawing money or making an online transaction, e.g. buying a product or service.Using data to open fake bank accounts or credit cards in the name of the victim and usingthem to cash out illegal checks, etc.Using the victim’s computer systems to install viruses and worms and disseminating phishing emails further to their contacts.Using data from some systems to gain access to high value organizational data such as banking information, employee credentials, social security numbers,etc.

c)How do we protect ourselves and our organizations from being another hapless victim? By not biting the bait — identification is the best cure. Here are some pointers to better spot that phishing email:

• Check the sender's email.
• Verify the URL.
• Question the Tone of the Email.

d)You can protect your business from the malicious effects of phishers by, first, training your employees to recognize phishing emails and to dispose of them properly. To do this, each employee should delete any phishing email from their mailbox and from the trash as well. If any employee mistakenly clicks on a link in a phishing email, they should immediately run anti-virus software to get rid of any malware on their system.

Make sure employees feel comfortable reporting the small mistake of clicking on a spam link by establishing a simple protocol for reporting phishing incidents. You don’t want to end up permitting great damage to be done to your proprietary information and your network out of an employee’s fear of getting in trouble.