We have seen an alarming rise in the number of phishing attacks of late. A phishing attack is typically achieved by using a disguised email to prompt the recipient to complete an action. For all intents and purposes, these emails appear legitimate to the recipient. Unfortunately, if the recipient completes the action, the computer becomes compromised and the hacker gains access to the computer and its data.
The examples observed recently include:
- Emails with links to malicious files
- Emails with malicious attachments such as Word, Excel or PowerPoint documents
- Emails with links that ask the recipient to grant Microsoft O365 authentication requests
- Emails with an activity report that lures the recipient to click through for further information
One of the most important parts of any defence to these types of cyber security events is to raise awareness amongst your staff and colleagues. Look out for emails that come from an unrecognised sender or prompt you to complete an activity that you did not initiate.
We highly recommend following the guidance in the Australian Cyber Security Centre Essential Eight Mitigation Strategy, which is available from the ACSC website for all businesses.