Go to the profile of Topsec Cloud Solutions
Topsec Cloud Solutions
Topsec is a leading provider of cloud based managed email and web security solutions. See www.topsec.com for more info.

Beware of Phishing — Don’t be caught hook, line and sinker

We’ve all heard the stories. We usually read about them on social media newsfeeds or if it’s a multinational company, it’s all over the evening news. We’re talking about phishing attacks and the innocent victims that are lured into data security breaches that compromise sensitive business-critical information.

I heard of a recent case, and I heard it from the horses mouth so to speak. A contact of mine told me his story. It’s so much scarier when you hear from someone you know and respect, as opposed to hearing a story on the news. The moral of the story really hits home as a result. It’s a story we can all learn from…

I’ll summarise the story and leave out all identifiable details…

Someone got access to a CEO’s email account by cracking their password. You’d be surprised how easy passwords are compromised, so that’s the first lesson to be learned — have stronger passwords.

The cyber thieves monitored emails between himself and the CFO of the same company to become familiar with the language and tone of their correspondence and how they addressed each other.

When they were familiar with the CEO’s communication style they then crafted a phishing email which they sent to the CFO in the same tone, language and style of the CEO. This email requested the CFO to transfer a reasonably sized sum of money to a bank account for a project they had planned. It wasn’t a figure so out of the ordinary that it would spike curiosity but it was a substantial amount nonetheless. Clearly the thieves had done their homework.

The CFO treated this like any other request he received from his CEO and proceeded to transfer the money for the project.

Luckily the person who was processing the transfer rang the CEO to clarify some details and the CEO confirmed he did not make the request, nor did he send an email. This raised red flags and the transfer was cancelled.

Disaster was averted in the nick of time. Were it not for a few minor missing details the transfer would have been processed and the money would have been lost. And of course this would only signal the beginning of the dubious operation as the thieves no doubt would have siphoned off more and more until they were rumbled.

These extremely targeted phishing attacks are becoming more common place within all industries as the fraudsters are using more sophisticated phishing techniques.

Sometimes thieves ‘go phishing’ with slight deviations to domain names or email addresses e.g. john.Doe@exmaple.ie instead of john.Doe@example.ie. As you can imagine, it’s easy to be caught out if you’re not vigilant.

Another popular technique worth pointing out are ‘Ransomware Attacks’.

Picture this scenario…Someone sends an email at midnight or on the weekend. The links are checked by an automated email filter and at that time they appear to be perfectly fine. All seems in order. However, at 6am the thief changes the DNS records to point the links now to a compromised website, so that when the employee opens the email and clicks on the link, it initiates a ransomware attack.

These kinds of threats are becoming more and more prevalent and they are compromising your entire IT systems and leaving your business venerable to attack. To address this loophole, we have designed our ‘Blended Threats’ module. This helps eliminate the risk, as every time email links are clicked they are verified as authentic and safe in realtime.

For more information on security issues that threaten your business, read our free ‘Essential Online Safety Tips for Business’. And rest assured that the link has been checked, cleared, authenticated and genuine.

Originally published at, topsec technology blog