By Danny Palmer

Originally posted at computing.co.uk

Phishing-1

Cybercriminal phishing techniques have become so sophisticated that wannabe hackers are able to pose as the chairman of the company they are targeting in malicious emails.

That is according to Michael Cock, group IT manager at Sutton and East Surrey Water (SESW), who told Computing that staff at the utility are receiving email phishing attempts which appear to be from the head of the organisation.

Cybercriminals’ techniques have become so sophisticated that “over the past week we’ve had a lot of emails that look to come from our chairman that clearly haven’t,” he said.

Phishing – the practice of using legitimate-looking emails to dupe the receiver into clicking a malicious link which is used to steal data – has become an increasingly common problem for the enterprise and Cock described how the practice has been used to target SESW.

“Over the past 12 months the biggest threat we have seen, that continues to grow, is phishing; we’re seeing an ever-increasing amount,” he explained. “So we’re doing a number of different activities to combat it.”

One of those activities is using a programme called PhishMe, an awareness education programme which demonstrates how to spot a malicious phishing attempt to users. Cock described it as “brilliant” and “probably the most effective training programme we have undertaken here”.

While Cock is confident his employees have received training which lets them recognise malicious emails, the ForeScout CounterACT for Network Access Control security platform is there to provide backup in the event of someone being duped.

“Should anyone click any of those links, we have the ForeScout preventative piece that identifies if something untoward appears on the network,” said Cock.

Phishing remains one of the most common means of hackers breaching an organisation’s cyberdefences and as security expert Neira Jones previously told Computing, the technique is far more effective than most businesses realise.