In an increasingly digitalized world, businesses are encountering a multitude of cybersecurity threats. One of the most prominent is phishing, an attack aimed at obtaining sensitive data by masquerading as a trustworthy entity. Phishing campaigns target organizations of all sizes and industries, but companies in the supply chain – servicing significant clientele – become particularly enticing targets.
The Threat Landscape: Sophisticated and Professional Attacks
Hackers are becoming increasingly sophisticated, employing professional-looking emails, content, and websites to deceive their victims. This sophistication can make it difficult to differentiate between a genuine and a fake request, especially when the attackers appear to represent a company you trust or even your employer.
Key Takeaway I: Validate Before You Act
In any situation where you’re unsure of the credibility of an email or document, your first line of defense should be to not open any link or attachment. Instead, contact your IT helpdesk or information security team. They will have the necessary tools and experience to assess the threat and guide your next steps.
A common phishing strategy is what’s known as C-level fraud. In this scheme, an attacker impersonates a high-ranking executive, often requesting immediate action that deviates from standard procedures. The request may include purchasing gift cards, authorizing a financial transaction, or sharing sensitive information. In many cases, these requests come with an insistence on secrecy, citing business-sensitive reasons such as urgent M&A activity.
Key Takeaway II: When in Doubt, Verify
No matter how urgent the request may seem, always verify the request’s legitimacy, especially if it deviates from normal protocols. Use established communication channels to confirm – make a call to the number you already have, not one provided in the suspicious email, or use company internal communication platforms like MS Teams or Slack.
Most companies have well-established processes for approvals, even in cases of emergency. No legitimate request will bypass these processes or ask for covert support.
Emerging Threat: The Deepfake Scam
An emerging threat to be aware of is the use of AI technology to create deepfake audio or video, further complicating the phishing landscape. Attackers can impersonate a known individual’s voice or face convincingly, leading victims to believe they’re interacting with a genuine person.
Key Takeaway III: Beware of Deepfakes
Always be vigilant and question unexpected or unusual requests, even if they appear to come via video or audio calls. Familiarise yourself with the characteristics of deepfakes, such as unnatural blinking or facial movements, and report any suspicious incidents.
Phishing Remedies: Best Practices to Consider
- Continual Education: Keep up-to-date on the latest phishing strategies and mitigation techniques.
- Two-Factor Authentication: Implement and enable this wherever possible to add an extra layer of security.
- Regular Audits: Regularly audit your digital activities to detect unusual behaviors or transactions.
- Information Backup: Maintain a secure and up-to-date backup of your valuable information.
- Incident Response Plan: Establish clear procedures for reporting and responding to phishing incidents.
Understanding and anticipating phishing threats is a critical part of a robust cybersecurity strategy. Always remember, when in doubt, it’s better to verify than be a victim.
