We would like to draw the attention of our customers to cyber attacks that could be made on your company. It is very important that you stay alert to these attacks, which are also known as "phishing". We hope this information helps you to further enhance your company's cyber defenses.
"Phishing" is the most common type of cyber attack that could affect your organization. Phishing attacks can take many forms, but they all share a common goal — getting you to share sensitive information such as login credentials, credit card information or bank account details.
Although you might have installed multiple security features, and systems that perform checks to help protect your networks and computers from cyber threats, we believe that each and every employee at your company must provide a first line of defense.
A few different types of phishing attacks to watch out for are:
- Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an email asking you to verify your account details, with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
Spear phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to your company name in the email to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Using a fake domain that appears similar to yours, they look like normal emails from a high-level official of the company, typically the CEO or CFO, and they ask you for sensitive information (including usernames and passwords).
Shared document phishing: You may receive an email that appears to come from a file-sharing site like Dropbox or WeTransfer, notifying you that a document has been shared with you. The link provided in these emails will take you to a fake login page that mimics the real login page and will steal your account credentials.
What you can doTo avoid these phishing schemes, please observe the following email best practices:
- Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip files or other compressed or executable (exe) file types.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they are legitimate and not imposter sites.
- Do not open any shared documents that you are not expecting to receive.
- If you can't tell whether an email is legitimate or not, do not open the email — delete it instead.
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
- Be extra vigilant if you are requested by email to pay somebody or to pay money into a different bank account than normal.
We hope this information will help keep your network and employees safe from cyber threats. Please contact your Moba contact person if you receive a suspicious email from Moba or you have any doubts about the authenticity of a received Moba email.