30th November 2022
24th May 2022
Cyber risks such as ransomware (malicious software) and phishing attacks have increased continually in recent years. This is also shown by the Allianz Risk Barometer (1). Those surveyed see cyber risks as the greatest risk for the coming year.
Increasingly, besides large companies, attackers are also targeting small and medium-sized companies. In Switzerland, attacks have risen significantly in recent weeks and months. Affected companies make the news almost every day. A survey conducted by DigitalSwitzerland (2) among 506 managers of small and medium-sized companies showed that 36% had been victims of a cyberattack in the last year. This corresponds to an increase of 11% compared to the previous year’s figure of 25%. Among other things, the impacts included financial damage, damage to the company's image, and loss of customer data. The study sees an opportunity for increasing employee training. Only 39% of those surveyed trained their employees regularly, while 21% did not train at all.
If a company is successfully attacked with ransomware via phishing, production can come to a standstill for between a day and several weeks until the damage is repaired. It sometimes takes months for affected companies to realize that they have been the victim of a cyberattack.
The most common attacks with ransomware or other malware are carried out using phishing emails. Why? Because humans are one of the most successful entry routes for attacks. Hackers rely on the ignorance, helpfulness, good faith, or insecurity of their victims. Creating a phishing email is easy and inexpensive and can be sent to thousands of people at the same time with the click of a button. And with every such attack, dozens, even hundreds, of people fall for it.
Spam filters are often unable to recognize all phishing emails in good time. It is therefore important that all employees are trained and recognize phishing themselves, thus helping to protect the company.
In this article, we take a closer look at the topic of phishing. What is phishing? How do you recognize phishing emails? What can be done to combat phishing?
Nowadays, each of us, whether private individuals or employees, is a potential target of hacker attacks and thus of phishing. You have probably received a phishing email yourself.
Attackers are becoming more and more professional, and it is therefore becoming increasingly difficult to recognize phishing emails. It's very important to pay close attention when it comes to email.
Attackers try to obtain their victims' data with phishing emails, instant messaging, personal messages, or websites. Access data such as passwords, usernames, and account information are particularly popular. Links and infected websites can also be used to inject ransomware into a computer or company network.
Once hackers gain access to user accounts or networks, they can spy on or steal customer or business data. Money transfers can be made, and systems manipulated or even rendered inoperable. A first attack is often followed by further attacks, which can lead to major financial losses and damage to the company's image. In severe cases, it can lead to bankruptcy.
There are different forms of phishing. Basically, each one has the same goal: to get data. However, some forms of phishing are more obvious, while others are more difficult to spot because they are more sophisticated.
To protect yourself from phishing, it is important to recognize such messages. Certain characteristics allow you to recognize phishing.
Is the sender unknown to you? Have you never been in contact with this email address? Then you should be suspicious!
This also applies if the sender, i.e., the email header or the email address, does not match the stored Internet link (example: mailto:firstname.lastname@example.org / website: www.europcart.ch).
Sender addresses are easily forged, often containing small errors or a different URL (e.g., .net instead of .com).
Another sign is a personal return address (e.g., @gmail.com or @outlook.com), even if the message is supposed to be from a company.
Email attachments can infect computers and networks with malware. Therefore, dubious attachments should not be opened. If in doubt, check with the sender. Important: Do not reply in the message but choose another communication channel such as the phone. If you are unsure, it is better not to open the attachment.
When using Windows, make sure that the "File name extensions" selection is activated in the "View" tab in Windows Explorer. If this setting is deactivated, the file type is not immediately recognizable. There is therefore a risk that manipulated extensions such as "Document Name.pdf.exe" will not be recognized and that a file containing malware will be opened.
An impersonal form of address, such as "Dear customer", can be an indication of phishing. But be careful: Cyber criminals can find out about their victims via social networks or search engines and write to them in a targeted manner (so-called "spear phishing").
Incorrect text, character set errors, missing letters or inflections, grammatical and orthographic errors, letters from other alphabets (e.g., Cyrillic letters). Attention: Letters from another alphabet are often very difficult to recognize.
If you are asked to act within a short time, often combined with a threat (e.g., the blocking of your credit card or online access), this can indicate phishing. Therefore, check carefully whether the request is really justified. An invitation is often "too good to be true".
If you are asked to enter personal data such as a password, PIN or TAN, you should be careful. Remember: No reputable company will ask its customers to change their user data via an attached link or form. Or if so, then without a direct link to the login page. Always use the web page you saved previously to modify user data. Never reply to emails asking for usernames, passwords, or account information, etc.
The message contains one or more links that point to an address that does not belong to the sender's address range. (EXAMPLE Sender: email@example.com Link: http://www.paypal.com-verfy-transactionid-7961312693567631367.login.ebay-buyerprotection.net).
Also check that there are no special characters (e.g., from the Cyrillic character set, spaces, etc.) in the URL. To check a URL, hover over the link. The advertised link appears in a pop-up window. If this doesn't work, you will need to enable this in settings. Think carefully about whether or not you need to visit the link and don't just click on it out of curiosity.
Normally the communication is in the recipient's language. Sometimes, like in the example email in the picture, several languages are mixed up. To start with, this is suspicious, and in addition, it doesn't look very professional, for example, when a company ends a German email with the English word "Goodbye".
If unusual or unfamiliar names are used for departments, products, or services, you should immediately pay attention. Check the intranet to see if this designation is used within the company. If not, report and delete the email.
If you receive an email that seems suspicious to you or you clearly recognize it as phishing, always report to your IT service desk immediately. To do this, use the method that is customary in your company (e.g., by forwarding the email to the IT Service Desk or reporting via a specific button in the email program).
Only with your help can phishing attacks be recognized early and the necessary countermeasures taken. Therefore, it is important that you promptly report such emails, without replying to them and without clicking on any links or attachments contained within them.
The technical protection of the IT infrastructure in a company is usually a given, so that there are hardly any hacker attacks. However, hackers can still very successfully obtain money, data, and information from the employees, i.e., the users of the IT infrastructure, and extort ransoms. This is why it is so important that the people who use the IT infrastructure also know how to behave securely. Especially when dealing with phishing. Train your employees on information security and reduce the risk of a successful hacker attack.