Holger Bossow, FNB IT Risk Manager has warned that Spear Phishing seems to be on the increase and the bank would like to warn customers about this fraudulent activity. He explains: “Spear Phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from criminal hackers who want to fool you into doing something that will compromise you for their personal gain. Most often if you are targeted, the hackers would have gained some information about you to make the email appear authentic.”
People are usually targeted as they have something of value that hackers can use, such as access details to bank accounts; access details to financial systems, or other critical data or systems knowledge, financial data, or other forms of sensitive data. “Targeted victims could suffer financial loss or their identity could be stolen to commit further crimes; their reputation could be tarnished, or the company they work for could even suffer financial loss, reputational damage or face regulatory consequences,” explains Holger.
Spear Phishing is most often done through email and Holger advises customers with the following tips:
- Be risk aware and discipline yourself to be conscious of what value you hold for a cybercriminal.
- Protect that which has been entrusted to you and double check everything before following instructions that potentially carry a risk.
- Email addresses, links and attachments are not always what they appear to be. Double check them before responding, clicking or opening documents.
- Check the email address. If the email appears to come from a legitimate organisation, but the “FROM” address is someone’s personal account, e.g. @gmail.com, this is likely an attack.
- Verify the source address of the sender. Hackers can very easily make it look like the source is legitimate. Pay attention to the spelling of the address e.g. fnb_namiba.co.na is incorrectly spelled and hence not a trusted source.
- Check the “TO” and “CC” fields to see if the email is being sent to people you do not know or do not work with.
- If you get a suspicious email from a trusted friend or colleague, call them to verify.
- Any email that uses emotion, threat, fear, wealth or urgency to drive action, the email must be validated first. This is a common tactic used in Spear Phishing”.
Holger also advises what to do when receiving a suspicious or Spear Phishing email:
- When in doubt request validation from or report any suspicious mail to your IT department
- Do not open any attachments in the mail or click the links
- Do not “reply” or “reply to all” or “forward” the mail to any other users
- Do not send any credentials, customer information or personal information to the requesting party
FNB will never ask you for your personal information via e-mail or text messages. Please visit the FNB website where you can find more tips on how you can protect yourself against cyber criminals.