Detectives from the Police Service’s Cyber Crime Centre are asking Northern Ireland businesses to be on their guard against phishing.
The warning follows reports of a number of local businesses, in particular those within the planning and legal sectors, being targeted by scammers.
Detective Constable Sam Kinkaid, from the Cyber Protect team, explains the term ‘phishing’ is most commonly the use of deceptive emails to obtain sensitive information.
He said: “We’re asking everyone, in particular local businesses, to be on their guard.
“We’ve recently seen phishing emails reach a number of organisations, including those in the planning sector and law firms. And, in the last few days alone, we have received reports from seven targeted businesses.”
Detective Constable Kinkaid describes a common pattern to the recent attacks:
An employee receives a phishing email that appears to be from a known contact.
The recipient is directed to a webpage displaying a PDF icon and the word ‘Open’.
On attempting to open the PDF, the victim is taken to a hoax ‘Sign in’ page, designed to capture username and password credentials.
He continued: “Phishing emails can target organisations of any size, type or location. They’re typically intended to prompt employees to click a link to a fake website, which could, for example, result in the installation of malware. Scammers may seek to monitor the content of employees’ emails; they may try to get their hands on sensitive or personal information. Basically, they’ll use whatever trickery they can to make money.
“Working with our partner agencies in the UK Cyber Protect network, we’re determined to help protect organisations from the growing threat of phishing and other cyberattacks.
“We’re asking all employees to be wary of clicking on any unverified links, no matter how familiar the sender’s email address may be. And, importantly, employers should have a reporting system in place, should a member of staff be tricked into clicking a suspect link and entering their credentials.”
The Police Service’s Cyber Crime Centre is offering free cyber awareness sessions to local organisations. To find out more visit www.psni.police.uk/cyber-protect
Advice on how to safeguard your business from the dangers of phishing can also be found on the National Cyber Security website at www.ncsc.gov.uk
In addition, any organisation experiencing a compromised email account can report to Action Fraud at www.actionfraud.police.uk or 0300 123 2040.