Cyber crime is increasing and organisations are getting caught because they fail to appreciate the importance of risk management.
Social engineering is how cyber criminals manipulate people into believing an email is legitimate so they act on it, which potentially means disclosing information that enables a system hack or paying a fake invoice that diverts funds to the criminals.
Sound risk management can help you avoid social engineering traps. Train your team members to identify red flags that can indicate an email is not what it purports to be.
Check for these red flag warning signs before your team members open or act on all emails.
Who is it from?
• Is the sender someone you ordinarily communicate with?
• Is it someone outside your organisation and the content’s not relevant to your job?
• Is it from someone inside the organisation or a known client but something’s unusual?
• Is the email address from a suspicious domain (like micorsoft-support.com)?
• It’s an unexpected or unusual email with an embedded hyperlink or an attachment from someone you haven’t communicated with recently.
Who is the email to?
• You are CCd on an email to one or more people but don’t know the other people.
• You get an email sent to an unusual mix of people.
What hyperlinks are embedded?
• A hyperlink displayed in the message links to a different website address. (This is a big red flag.)
• A hyperlink misspells a known website. Eg, www.bankofarnerica.com — the “m” is actually two characters, “r” and “n”.
What is the time and date?
• You get a normal business hours email at an unusual time, like 3am.
What’s in the subject line?
• The subject line is irrelevant or does not match the message content.
• Is the email message a reply to something you never sent or requested?
What is attached?
• You get an attachment you’re not expecting or it doesn’t make sense with email’s context.
What is the content?
• You’re asked to click on a link or open an attachment to avoid a negative consequence or gain something of value.
• Is the content unusual and/or has bad grammar or spelling errors?
• A link or attachment seems odd or illogical.
• You have an uncomfortable gut feel about a request to open an attachment or click a link.
Being risk aware can avoid costly traps. A cyber insurance policy should be part of your organisation’s risk management framework, too.
To discuss your risk management and insurance requirements, please contact: