23 July 2017
The report ‘German firms lost millions of euros in ‘CEO Fraud’ scam: BSI’, published in the Reuters Technology News on 10 July 2017, really worries me. Whaling, a special form of spear phishing aimed at corporate executives, is not new at all. For some samples see this slide show on CIO.com.
It appears to me that in Germany the first line of defense, the employees, is not adequately prepared to detect and correctly handle phishing attacks, even though anti-phishing training is the most effective and cost-efficient defensive measure in the fight against all kinds of phishing.
In addition, some rules are helpful and should be communicated to all employees:
- Users should never act on a business request from a company executive if the email is not signed with a company-owned and valid email certificate.
- Users should never trust an email from a business partner if it is not signed with the partner's valid email certificate.
Technical implementation is very easy, thus even SMBs can use email signing in daily communication.
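As an added example (not code from the original post), the following Python script shows how the two rules above can be turned into a simple triage check at a mail gateway or in a helpdesk tool: a message that claims to come from an executive address but carries no S/MIME signature structure at all is flagged for out-of-band confirmation. The sample messages, the example-corp.invalid domain and the executive address list are constructed for this illustration. The check only inspects MIME structure; the cryptographic verification of the signature and of the certificate chain is still done by the mail client or gateway, so a message that passes this check is not yet proven authentic.

```python
"""Structural S/MIME check for incoming mail (added example, not the post's own code).

Flags executive requests that carry no S/MIME signature, i.e. the situation
the two rules above tell users never to act on. MIME structure only; the
mail client or gateway must still verify the signature and certificate chain.
"""
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample messages for the example; not real mail.
UNSIGNED_REQUEST = b"""\
From: CEO <ceo@example-corp.invalid>
To: finance@example-corp.invalid
Subject: Urgent wire transfer
Content-Type: text/plain; charset="utf-8"

Please transfer 250,000 EUR today, I am in a meeting and cannot talk.
"""

SIGNED_REQUEST = b"""\
From: CEO <ceo@example-corp.invalid>
To: finance@example-corp.invalid
Subject: Q3 budget
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Attached is the Q3 budget, please review.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

MIIBAAAAAA==
--b1--
"""

# Hypothetical list of executive mailboxes (assumption for this example).
EXECUTIVE_ADDRESSES = {"ceo@example-corp.invalid", "cfo@example-corp.invalid"}

# Content-Type protocols used by clear-signed S/MIME (RFC 8551 / legacy x- form).
SMIME_SIGNATURE_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
SMIME_OPAQUE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def is_smime_signed(raw: bytes) -> bool:
    """True if the message has the MIME structure of an S/MIME signed mail.

    Clear-signed mail is multipart/signed with a pkcs7-signature part;
    opaque-signed mail is a single application/pkcs7-mime body with
    smime-type=signed-data. Anything else is treated as unsigned.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        protocol = (msg.get_param("protocol") or "").lower()
        return protocol in SMIME_SIGNATURE_TYPES
    if ctype in SMIME_OPAQUE_TYPES:
        smime_type = (msg.get_param("smime-type") or "").lower()
        return smime_type == "signed-data"
    return False


def needs_out_of_band_confirmation(raw: bytes) -> bool:
    """Apply the post's first rule: an executive request without a signature
    must not be acted on; it needs confirmation by phone or in person."""
    msg = message_from_bytes(raw, policy=policy.default)
    # The From header is trivially spoofable; only the signature binds the
    # sender, which is exactly why an unsigned executive mail is suspicious.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return sender in EXECUTIVE_ADDRESSES and not is_smime_signed(raw)


if __name__ == "__main__":
    for label, raw in (("unsigned", UNSIGNED_REQUEST), ("signed", SIGNED_REQUEST)):
        verdict = "CONFIRM OUT OF BAND" if needs_out_of_band_confirmation(raw) else "ok to process"
        print(f"{label:8s}: signed={is_smime_signed(raw)} -> {verdict}")
```

The point of the split between `is_smime_signed` and `needs_out_of_band_confirmation` is that the second rule (business partners) is the same check with a different address list; a gateway would feed the real sender directory into `EXECUTIVE_ADDRESSES` and pass messages that are flagged to a human rather than to the finance workflow.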
Have a great week.