Finding the Phish in Your Firm’s Pond

It’s Friday afternoon, and you’re planning to leave early and get a jump start on your weekend. You receive an email with the subject “Office 365 – Failed Login Attempts – Password Reset Required Immediately!” You wonder who tried to access your account or whether you forgot to logout of your email on the public computer at the hotel business center. You were all but out the door when out of an abundance of caution, you decide you should probably reset your password; otherwise you’ll think about it all weekend. The email looks legitimate. You click the link and a familiar page opens in your browser. Everything looks as expected – the logos are there, the web address looks convincing, and the general layout of the site leads you to believe this is a legitimate website. You enter your username, your old password, and you carefully select a new, even more complex password and click the button to reset your password. The problem is, in your haste to get out of the office early you just clicked a link in a fraudulent email. The credentials you just entered on that website? They were just sent to a hacker who can now access your company’s network masquerading as you. You just fell victim to a phishing attack, and unfortunately, you’re not alone.

What is Phishing?

Phishing is a form of social engineering where an attacker with malicious intent attempts to trick a target into performing an action such as clicking a link, providing credentials, or opening an infected file. Targets are often tricked into disclosing private or sensitive information by someone impersonating a trusted source such as a bank or credit card company, an authoritative source such as a government agency, or by appealing to a target’s willingness to help by impersonating a colleague, supervisor, or client. In one of the more successful methods of phishing, attackers send emails to company staff purporting to be from company executives.

Mike Farrell, CISA, CISM – CSS Cyber IT Services

Fill in & submit the form below to download this Whitepaper

Thank you!

Your download will appear below momentarily.

Download Now.

Latest Content

Breakdown of OCIE’s COVID-19 Compliance Risks Alert

The SEC’s “Office of Compliance Inspections and Examinations (“OCIE”) issued an Alert today regarding “Select COVID-19 Compliance Risks for Investment Advisers and Broker-Dealers.” OCIE shared observations regarding six broad categories: protection of investors’ assets; supervision of personnel; practices relating to fees, expenses, and financial transactions; investment fraud; business continuity; and the protection of investor and … Continued

Are Investment Managers Going to Have More KIDs?

Let us be clear…. we’re actually talking about the potential increase in production of point-of-investment disclosure documents for investment managers. The complications and stress of Brexit just got a whole lot more real for many UK- and EU-based investment management companies that are subject to rules requiring production of UCITS KIID (Key-Investor-Information-Document) and PRIIPs KID … Continued

Do You Feel Confident Your Password Hasn’t Been Hacked?

As a cybersecurity consultant, I am often asked if some of the threats we industry practitioners talk about are overstated. Hyped up fear as a sales tactic. The simple answer is no. The fear is not overstated, and the risks all too real – which helps to explain why cyber remains a top priority for … Continued