What follows is just a brief overview of an incident that happened to us last week. Upon reading you may feel that “common sense will always prevail” but it is evident that people can and have been caught out by emails such as the following. Not only the apprentices and office juniors, but also those in managerial positions.
Last week we were a target of cyber crime. Transition received an email to our enquiries inbox asking for help with a project. The email was pretty standard for a usual enquiry, they had an issue that needed solving.
I was already slightly wary at this point due to the language used and the sign off, also there was no phone number to call. I sent a polite email back requesting we would like to hear more and perhaps it was best that they provide a contact number to discuss further.
“How are you doing today? We would like to kindly request quote from your reputable firm. Please advise for your availability and schedule so we could fix a date to discuss further about our inquiry and I could as well send broad details for you to have a proper overview of what we request you to quote upon.
A few days later I had another email in my inbox (see below).
At this point I realised how easy it could be for someone to be tempted to click and open the attachment especially those who might not have been exposed to cyber crime information before.
“Hi, Please kindly view attached. And advise accordingly.
Adobe.PDF (was a clickable link)
I look forward to reading from you ASAP as it requires urgent attention. PS. Write me for any further queries.
My first step was to forward this email to my director and I didn’t mind sharing with my email on this. I’m sharing because some people may feel that their actions may be questioned or perhaps don’t feel knowledgeable enough to know what to do in this situation.
“OK I am just putting it out there that I am not going to open the attachment (just in case it’s a virus or something).
“OK I am just putting it out there that I am not going to open the attachment (just in case it’s a virus or something).Happy for you to take the risk.
Nichole Clark | Business Development Manager”
As a result Transition ran a scan on the attachment and found it to be untrustworthy and more than likely a virus.
I can imagine that somebody eager to respond to sales leads may have clicked on the link without giving proper thought to the implications. To be honest, we are all human and if we are distracted which is likely in a busy environment we may just click on the link.
We are not experts in cyber security but a few tips I would recommend you follow:
- Look at the source of the email, where has it come from. If you hover your mouse over the address it will sometimes reveal the true source underneath.
- Look at the language and the spelling used within the email.
- Always ask for attachments to be attached not put within the email. Don’t click on any links.
- If you are asked to make a payment or send personal information by somebody else that isn’t normal standard practice and it appears to be sent from a known address, call them directly (not the number in the email) and ask for clarification. No one will mind you interrupting their day, the alternative is much worse.
- If you are not sure and have an IT dept or support ask them to check it for you.
- This issue has also got me thinking about some of the prospects that we go and consult with. Typically the prospects we go to have had a bespoke software system built by an independent developer or company. For whatever reason that developer or company can no longer support that system or enhance it. This could be due to retirement, long-term sickness or perhaps skill set. Some of the systems we see are what we define as legacy, so perhaps 10-20 years old, these systems are unlikely to have the necessary security protocols in place for today’s requirements.
- When was the last time you and your development partner either penetration tested your software or reviewed the code base that was available to you? Does your system allow you to enable and disable different user permissions? Is your software as efficient as it could be? Could some functions of your software be automated allowing you to seamlessly integrate security protocols and save time and resources?
Transition is offering a complimentary, no obligation review of your software (subject to availability). Get in touch to find out how we could work together - 01908 657960 / www.transitioncomputing.com