30.03.2020
Author: Joanna Bogdańska - Attorney at law, Partner
Criminals are not idle
At a time when remote work is becoming the norm and personal contact is limited, we should be vigilant, especially on phishing – impersonating a sender whom the attacked knows or trusts. Typically, attackers impersonate a member of the board or another person performing an important function in the company and call to perform a specific task, e.g. making a money transfer or obtaining sensitive information, regarding the company's bank accounts.
Crimes are usually preceded by preparations, which allows the attacker to learn the principles of communication in the company, using of a company’s logo, etc. Very often the attacker is aware of the longer absences of key employees who could prevent him from making an attack.
The attacker’s activities often focus on creating the impression that the requested action has a significant impact on the proper run of the company, and it can be achieve, due to trust, only by the attacked person, e.g. the attacker inform about the offense, which involves other senior company’s crew member.
How to protect yourself?
Check the sender of the message. Very often, criminals use addresses similar to those used in the company,
Review the appearance of the logo and e-mail footer – is there anything missing?
Don't act under time pressure – verify information,
Do not automatically click on the link indicated in the message,
In case of any doubts –call the e-mail sender.
What's next?
In the case of phishing, time is of the essence. The faster we react, the greater the chances of recovering funds or at least minimizing the chances of the attacker. It is also important to report suspicion of attack immediately. However, due to the significant overload of law enforcement authorities, the key will be to notify and involve all possible institutions, such as a bank or the General Inspector of Financial Information, depending on the circumstances of the crime.
Comments