Whilst we all pull together in these difficult times, there are a criminal minority who will see opportunity. Email filter suppliers are already seeing a sharp increase in email phishing attacks, feeding on the fear and uncertainty that surrounds us all.
At Daisy, our IT team maintain their usual high standards in security defence and work diligently to protect us against the vast majority of unwanted threats, battling with criminals who are continuously working to defeat our security measures and who occasionally succeed in making it through our security protection layer, with cleverly crafted and deceptive attacks.
We have briefed our staff to be extra cautious when receiving emails requesting any personal or business information, especially when **This message originated outside your organisation** is displayed at the top of the email.
Here are the tips that we have shared with them:
- O365 “urgent” emails are becoming increasingly common as ways to trick you into entering your credentials and the fake websites look extremely legitimate. If in any doubt, do not comply with the request and contact the IT team.
- Hover over URLs and links contained within the email to check that the destination address is valid, for example:
- Double check the email address of emails that come through on your phone as you are generally only able to see the display name, and the domain could be from a new or unusual domain.
- Watch out for spoofed domains such as “Amazon.co” or “Arnazon.com” (r and n together which can appear as an ‘m’ at first glance) and do not trust shortened URLs that do not display the full destination URL.
- Check URLs carefully as they may be using alternative character sets that use similar, but slightly different characters that result in a valid looking domain name at first glance. For example:
http://www.dɑisygroup.com is spoofing http://www.daisygroup.com.
- URL links on your phone may not always show the full link destination, please think before you click the link.
- Check the email content and links for typos, errors, repeated letters or other grammatical inaccuracies that will suggest that it is a scam.
- Pay close attention to the sender’s email address and check that it does match the retailer’s website.
- Be suspicious of an email that contains a sense of urgency or a “too good to be true, time-limited” deal – especially over the next few days.