The following article was published in the Birmingham Mail, March 2010.
A new form of cyber attack has been unearthed with financial and security implications for those businesses being duped.
Presenting itself as a legitimate email correspondence from HM Revenue and Customs, the email is a phishing attack - the criminally fraudulent process of attempting to acquire sensitive information buy masquerading as a trustworthy entity.
The email suggests to recipients that their business is eligible for a quite sizeable tax refund, and to do so they must confirm/update/verify their account data at HM Revenue and Customs through the given web-link within two to three working days.
The link actually takes the individual through to a spoof website where financial and personal details are captured by the phishers.
So how can Midland SMEs protect against misleading email attacks such as this?
One strategy for combating these scams is to train people to recognise phishing attempts. Education can be an effective and less costly tool and will help staff to deal with them in an appropriate manner.
Alternatively, the URL address of the organisation can be typed into the address bar of the browser instead of trusting any malicious hyperlinks in the suspected phishing message.
Nearly all legitimate email messages from companies to their customers contain an item of information that is not readily available to phishers (name, account number, business name etc) so suspicion should be raised with staff if a generic looking request comes through on email.
Anti-phishing functionality is now included as a built-in capability of most web browsers, so researching before choosing which one to use is also worthwhile.
For further information, please contact us on 0121 248 7931.
2010-03-23 (LM)