PSNI warns of phishing scams impacting NI businesses
Detectives from the Police Service's Cyber Crime Centre are asking Northern Ireland businesses to be on their guard against phishing
The warning follows reports of several local businesses, in particular those within the planning and legal sectors, being targeted by scammers. In the last few days alone, the PSNI has received reports from seven targeted businesses.
The term 'phishing' relates to the use of deceptive emails to obtain sensitive information. Detective Constable Sam Kinkaid, from the PSNI's Cyber Protect team, explains that recent attacks follow a common pattern.
An employee receives a phishing email that appears to be from a known contact. The recipient is then directed to a webpage displaying a PDF icon and the word 'Open'. On trying to open the PDF, the victim is taken to a hoax 'Sign in' page, designed to capture username and password credentials.
The PSNI is reminding businesses that phishing emails can target organisations of any size, type or location. They're typically intended to prompt employees to click a link to a fake website, which could, for example, result in the installation of malware. Scammers may seek to monitor the content of employees' emails; they may try to get their hands on sensitive or personal information, or use any other trickery to make money.
Working with their partner agencies in the UK Cyber Protect network, the PSNI's Cyber Protect team is determined to help protect organisations from the growing threat of phishing and other cyber attacks.
They are asking all employees to be wary of clicking on any unverified links, no matter how familiar the sender's email address may be. And, importantly, employers should have a reporting system in place, should a member of staff be tricked into clicking a suspect link and entering their credentials.
Free cyber awareness sessions are available to local organisations through the PSNI's Cyber Protect initiative. Advice on how to safeguard your business from the dangers of phishing can also be found on the National Cyber Security Centre's website.
In addition, any organisation experiencing a compromised email account can report an attack to Action Fraud.
First published 26 June 2023