Have you received an email warning you that your subscription to a work tool will expire soon? Hopefully, you didn’t click the link that took you to an obscure website asking for your personal information. That could have been phishing.
With more people logging on into the internet for work or for study, hackers have also doubled down on their schemes to lure users into giving up their valuable data. Cyber criminals are baiting employees who are working at home with phishing emails to steal valuable information that can be used to penetrate a company’s defenses. Lately, they have trained their sights on Microsoft Office 365 users who use the platform for their daily work activities.
In the second quarter of this year, PLDT and its wireless unit Smart Communications, Inc. (Smart) blocked 10 million emails sent to their employees every month that were laced with cyber threats.
“Attackers mask their emails with seemingly legitimate corporate messages to deliver phishing and other social engineering schemes. Hackers often bait employees with credential reset notices or deactivation warnings,” said Angel Redoble, Chief Information Security Officer and First Vice President at PLDT, ePLDT and Smart. He added that quarantined messages, password expiry, and reaching storage limits were among the common themes hackers used as bait.
So how do you filter out phishing expeditions from legitimate emails? Remember this acronym – FALSE.
Phishing emails usually come with unnecessary attachments that are unrelated to the message.
Attention grabbing messages
These include warnings, freebies and offers that sound too good to be true.
When you click on the link, you will be brought to a website asking you to key in your personal data, as well as your password.
Sender is unknown
If you look closely on these messages, you would notice that they’re often sent by illegitimate sources.
Element of time
Malicious emails usually present victims with a false sense of urgency.
Be on the lookout for incorrect logos too. Grammatical errors and misspelled words are also red flags.
“To match these waves of technological innovations, the PLDT group has started adopting cybersecurity capabilities that combine real-time or near-real-time monitoring or detection, with those that provide automated incident response and intelligent forensic analysis,” Redoble explained. He added that the telco has significantly invested in cybersecurity measures to protect critical infrastructure, customers, employees and partners.