Spam emails can be tricky to identify
They are easy to spot: emails full of grammatical errors trying to entice people to click on a link and reveal sensitive data. But let’s be honest: some of these so-called phishing mails are more difficult to detect and, with the stress and strains of everyday life, all too often we’ve clicked on the link before recognising the danger.
Billions of euros worth of damage!
This is certainly one of the reasons why phishing and other kinds of scams cost the German economy a total of 223 billion euros every year. This was the latest figure published by the German IT association, BITKOM. In the same study, the association reports that almost one-fifth of all German companies have suffered losses as a result of phishing. According to industry experts, practically every single company in the country is at risk. Which is why having a professional risk management system in place is essential to ward off such attacks.
REMONDIS IT Services is responsible for such systems at REMONDIS. Information security officer Jan Ellermann made it very clear that the cyberattacks targeted at firms are not the same as the mass-market campaigns sent to private individuals: “The attacker chooses a specific target, spends some time preparing their attack and then systematically searches for weak spots.”
A phishing mail – not all of them are instantly recognisable as scam mails
A multi-layered approach
For an anti-phishing protection system to be a success, therefore, it must contain several well-coordinated measures. Three filters are currently being used at REMONDIS: all incoming emails are first automatically screened and filtered in line with the company’s latest criteria – to prevent any suspicious mails from being delivered in the first place.
A small number of mails, however, still manage to slip through the net. It is now up to the recipient to pick up and delete fake mails. REMONDIS IT regularly holds online seminars for the approx. 13,000 in-house users to raise awareness and help them identify suspicious mails. The IT department also sends out test mails. If the recipient clicks on this fake phishing mail, then they are immediately sent information explaining why it was a scam email: this should help them to spot such mails in the future.
REMONDIS is also planning to introduce a notification procedure that will allow employees to highlight any fake emails they find in their inbox. This phishing button will be part of a self-learning system that should enable any changes in the behaviour of attackers to be incorporated into the company’s defence strategy more quickly.
REMONDIS IT regularly holds online seminars for the approx. 13,000 in-house users to raise awareness and help them identify suspicious mails.
Well-trained employees are needed to tackle the problem of phishing: REMONDIS has an online course on its e-learning platform to teach its staff about these emails
Security systems should the worst come to the worst
Security systems are also in place, of course, if the worst comes to the worst: technical measures make it possible for REMONDIS IT to stop data being transferred if someone accidently clicks on a phishing mail or even enters data onto a fake platform. Thanks to these various procedures, REMONDIS has succeeded so far in avoiding serious damage. Around 124,000 mails are sent to the company every day, of which approx. 27,000 are phishing or spam mails. Jan Ellermann stressed: “If we are to continue to be successful, then our employees need to be on the alert all the time. And we have to make sure we develop the right technology to stay ahead of the game. This is what our team is working on each and every day.”
Phishing is a portmanteau combining the words ‘password’ and ‘fishing’. Their goal: to lure people into revealing their login data so that the attackers can make transactions in the user’s name or steal their data. Such mails copy the design and language of the supposed sender. There are a number of clues, though, to help spot a phishing mail:
- The message creates a sense of urgency
- The text is not written well, with poor spelling and grammar
- The email address does not match the organisation of the supposed sender
- The message asks for data that the assumed sender should know or would normally never ask for
Image credits: image 1: Adobe Stock: akf; image 2: © REMONDIS; image 3: © TinyDesignr