Were you a Phishing Victim?
If you were directed from a remote logon system such as a OWA (Outlook for Web Access) or any other logon page, you possibly were duped and missed tell tale signs of a phishing attempt and you clicked a link you should not have followed.
No confidential data was taken and no data moved from the system internal system.
What could be the impact?
- If you have clicked on a link and the remote site has a script that downloads a payload (some virus or malware) that infects your computer.
- Once the virus has been downloaded, it will have many possible attack paths including encrypting your data, stealing your data or be used as an attack point against other computers.
What should you look for?
- Have a look at the web site address and the exact spelling. For example ‘Apple’ and ‘App1e’ (see the number one being used which will be missed if you scan quickly)
- Look for proper spellings and fonts used as internal mail should
What should you do?
- You should have trusted and up-to-date anti-virus software
- Make sure you know the person and expect email from him or her
- If you are unsure and you can make a call, make a phone call.
- You can also email the person if the person is in your email. Not using a reply but a new separate email.
- When you receive an email with a link you should float over the link with your mouse pointer and it will reveal the actual link. Criminals can use coding to hide the actual link
- You should also make your Information Security staff (IT/Security/Risk) aware of the email that you have received if it is a phishing attempt
- One of the main reason of giving feedback is that your company may be using anti-virus software and phishing prevention solutions and it may not be up to date or has to be fine tuned.