Message from the IT Security Team: Email Phishing
IT are seeing more and more phishing campaigns aimed at Optos employees, mainly attributed to:
- Advancements in technology, mainly around AI
- State-sponsored cyber activities
As part of our commitment to maintaining a secure and trustworthy computing environment, we need to constantly be vigilant about phishing and attempted account breach attacks. These attacks, better known as social engineering, are not only becoming more sophisticated but also more frequent, and they pose a significant threat to our personal and company data.
What is Phishing?
Phishing is a type of cyber-attack that involves tricking individuals into giving away confidential information such as passwords, company data, and credit card numbers, often through the guise of legitimate-looking emails or websites. These attacks can lead to financial loss, data breaches, and even identity theft.
What is an account breach?
An account breach occurs when unauthorised individuals gain access to user accounts. This can involve personal accounts such as email, social media, or financial services, or corporate accounts, which may include access to internal systems and sensitive data.
How to Recognise Social Engineering Attacks:
- Unexpected requests: Be cautious of emails asking for personal or financial information.
- Urgency: Phishing attempts often create a sense of urgency, prompting quick action with threats or opportunities that seem too good to be true.
- Email spam: New attacks consist of sending an onslaught of spam emails, in the hopes that you will click on a link or attachment. Be wary of a higher-than-usual volume of incoming email to your account or to shared mailboxes.
- Attachments: Avoid opening unexpected attachments, especially from unknown senders. These can contain malware or viruses.
- Sender’s Email Address: Check the sender's email address for any misspellings or strange characters, especially if the emails contain links or attachments.
- Multi-Factor Authentication Fatigue: Also known as MFA bombing or MFA spamming, this attack tries to have you approve an MFA sign-in by sending numerous MFA requests in a short period.
Steps to Take if You Suspect Social Engineering:
- Do not respond or click on any links in the email.
- Do not respond to MFA notifications not initiated by you.
- Report the suspicious activity to IT Assist immediately.
- Delete suspicious emails from your inbox to prevent further risk.
Our Proactive Measures:
To protect our company, we have implemented advanced security protocols such as Multi-Factor Authentication and URL Protection. However, please remember your vigilance is our first line of defence against these cyber threats. By staying informed and cautious, we can protect not only our individual assets but also our company's integrity and security.
Thank you for your attention to this critical issue and for your continued efforts to keep our workplace safe.
Please direct any questions you may have to IT Assist.