2017-05-31Staff Report 2 Staff Reporter Windhoek FNB’s IT Risk Manager, Holger Bossow, has warned that Spear Phishing seems to be on the increase and the bank has warned customers about this fraudulent activity. “Spear Phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from criminal hackers who want to fool you into doing something that will compromise you for their personal gain. Most often if you are targeted, the hackers would have gained some information about you to make the email appear authentic,” Bossow explained. He noted that people are usually targeted when they have something of value that hackers can use, such as access details to bank accounts; access details to financial systems, or other critical data or systems knowledge, financial data, or other forms of sensitive data. “Targeted victims could suffer financial loss or their identity could be stolen to commit further crimes; their reputation could be tarnished, or the company they work for could even suffer financial loss, reputational damage or face regulatory consequences,” Bossow stated. Spear Phishing is most often done through email and Bossow advises customers to be risk aware and disciplined to be conscious of what value you hold for a cybercriminal. He also cautions customers to protect that which has been entrusted to them and double check everything before following instructions that potentially carry a risk. He further warns that email addresses, links and attachments are not always what they appear to be and advise that people double check these before responding, clicking or opening documents. Also, check the email address. If the email appears to come from a legitimate organisation, but the “FROM” address is someone’s personal account, such as ‘@gmail.com’, this is likely an attack. “Verify the source address of the sender. Hackers can very easily make it look like the source is legitimate. Pay attention to the spelling of the address e.g. fnb_namiba.co.na is incorrectly spelled and hence not a trusted source. Check the “TO” and “CC” fields to see if the email is being sent to people you do not know or do not work with. If you get a suspicious email from a trusted friend or colleague, call them to verify. Any email that uses emotion, threat, fear, wealth or urgency to drive action, the email must be validated first. This is a common tactic used in Spear Phishing”, said Bossow. When receiving a suspicious or Spear Phishing email, Bossow advises that when in doubt request validation from or report any suspicious mail to your IT department, do not open any attachments in the mail or click the links, do not “reply” or “reply to all” or “forward” the mail to any other users and do not send any credentials, customer information or personal information to the requesting party. “FNB will never ask you for your personal information via e-mail or text messages,” Bossow concluded. 2017-05-31Staff Report 2
