Warning for businesses against phishing scam
Local businesses and charities are being urged to be on their guard against phishing emails designed to deceive staff into providing their account passwords to online criminals.
The warning comes after detectives from the Cyber Crime Centre were made aware of several incidents across Northern Ireland involving compromised email accounts being used by attackers to target other organisations.
Regional Cyber Protect Officer, Detective Constable Sam Kinkaid, explained how such incidents develop and how they can be prevented.
“Having gained a valid password, attackers will log into the victim’s account and use it to send emails to colleagues and contacts, such as clients and suppliers. Coming from an account of someone they work with, or have engaged with, recipients are more likely to click the link shared in this type of phishing email and provide a password that compromises their own account,” Detective Constable Kinkaid explained.
“We would advise all email users to be wary of unexpected emails which contain a link, no matter who the sender purports to be, and encourage recipients to verify any such email with the sender by other means, for example a telephone number you have previously confirmed.”
Detective Constable Kinkaid has this advice for anyone who may have received a suspicious email, clicked on a link and submitted their password.
Detective Constable Kinkaid said: “Our advice is to report this as soon as possible to their employer and ensure steps are taken to secure the account, review any steps the attackers may have taken such as setting up rules to delete incoming emails and ensure other email users within the organisation are aware.”
Advice on combatting phishing and securing accounts can be found on the National Cyber Security Centre website, www.ncsc.gov.uk. The Cyber Crime Centre encourages anyone who identifies a phishing email and has not responded to it to help protect others by forwarding it to the NCSC Suspicious Email Reporting Service at [email protected].
Organisations can report cyber incidents such as compromised email accounts to Action Fraud online at www.actionfraud.police.uk or by telephone on 0300 123 2040.