Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo
  • Home /
  • What to do in a phishing attack

Print | Email this page

What to do in a phishing attack Neil Sanson,
20 March 2017 at 14:42

260225 phishing icon

A recent data breach involved a deliberate email phishing attack on an organisation. The email looked like it came from the chief executive and requested a copy of the membership list (names and email addresses).

At the time, the CEO was away from the office. This fact could have been known by the person who sent the phish, as a high-profile person’s travel for work is often publicly known. Because this attack was targeted, it was not easy to spot. One of the reply addresses was unfamiliar, but the other was the CEO’s work email address so the unfamiliar one could have been assumed to be their personal email address.

The request was also plausible, particularly since the information asked for was limited to names and email addresses.

Preventing against these attacks

The most effective way for an organisation to protect against this form of attack would be to have a policy of independently verifying requests for sensitive information. Since this might involve junior staff having to contact senior management to verify a request, employees need to be confident that they are expected to do so.

Take time to investigate before you act

A basic phish can usually be spotted by moving your mouse cursor over the link without clicking. The text that pops up when you do that will usually look different from what you might expect. This difference might be just one character. Moving the mouse cursor over the reply email address can also be helpful when in doubt.

The basic phishing email below is an example. It shouldn’t have been addressed to “undisclosed-recipients” as your bank can address an email just to you. And you can see the box that popped up when the mouse cursor was held over the link. An address of “alex-parus.ru/” does not seem likely for a New Zealand company to use.

Three things to do when you get a phishing message

1. Report it!

  • Let others in your organisation know. If you have IT support people, forward the email with a warning that it’s a phishing email. They should handle the rest. In a small organisation, let everyone know - but do not forward the message. People have been known to click on the links in such situations “to see what happens”! You can convert the link to plain text so people can see it, without it being so dangerous.
  • Report the phish to the Electronic Messaging Compliance Unit at the Department of Internal Affairs (DIA) by forwarding the email to scam@reportspam.co.nz or by forwarding the TXT for free to the shortcode 7726 (SPAM).
  • Let the other organisation know. If the message pretended to come from an organisation, then it’s helpful to let them know. It can take a little time looking on the organisation’s website (type the real web address in yourself – don’t click on that link in the phishing email!) to find where to report the spam

2. Delete it!

3. Get help!

  • If you responded to the phishing email with personal information, contact us using this form or phone us on 0800 803 909 (Monday-Friday between 10am-3pm).
  • You may want to seek help in handling enquiries by affected people. IDCARE is a sponsored support service. Contact them on 0800 201 415 or contact@idcare.org.
  • You should still report it as above. DIA may pass on your report to the Police, Netsafe or MBIE (Consumer Affairs) for further help.
Back
Previous Blog Post Next Blog Post

Latest Blog Entries

Back to top