you from becoming a victim! The threat around phishing emails remains high. Even more so since COVID-19 resulted in employees adapting to work remotely from their homes or through a hybrid approach, with time divided between homes and offices. The current conflict situation involving Russia and Ukraine has further heightened the cyber threat level of associated activities. Hackers quickly identified the opportunity Is the sender hassling you to do If unsure of the legitimacy of an email to take advantage of this unprecedented something or to take an action? portraying to be from a contact, verify its situation and raised their game around Never feel rushed into taking an action, authenticity by contacting them directly attempts to hack organisations. it’s a common tactic to hurry you into via independently verified contact details Employees within any organisation remain making a mistake. not from the details displayed within the its greatest asset, but they can also be its Is there an incentive to open an email just received! Pick up the phone greatest security threat due to their attachment? For example, something and verify. inherent trusting nature. Its far easier to nice if you comply such as a gift voucher hack a human rather than attacking or something nasty if you don’t i.e., a fake sophisticated system-based controls that speeding ticket or fake legal summons Think before you click, always assess may be in place. using fear in the hope to convince you to the content and context of an email, click a link or open an attachment. don’t feel rushed into taking an action, if The number of Phishing emails has in doubt pick up the phone to verify a increased by approximately 400%* globally Does the domain name/ email address request with the sender, report all over the past 18 months with employees look correct? Hover your mouse over the suspicious email to your organisation’s remaining a prime target, predominantly by email address or right mouse click to IT team through the relevant channels. being tricked into clicking a link, opening a check the email properties. Does the malicious attachment, providing personal spelling of the email address look correct or commercial data or unknowingly sending or have letters been replaced to fake a Disclaimer payments to a fraudulent recipient. domain name such as use of ‘rn’ to look The purpose of this publication is to provide a source of like an ‘m’? information which is additional to that available to the Phishing emails are effective because they Is the email addressed to you personally maritime industry from regulatory, advisory, and are quick, cheap and easy to send and can consultative organisations. Whilst care is taken to ensure or is it just generic i.e. Dear Sir or Madam? reach millions of mailboxes within seconds. the accuracy of any information made available no warranty Does its structure look genuine? Many of accuracy is given and users of that information are to be One click or response makes it worthwhile Phishing emails are not personalised, is responsible for satisfying themselves that the information is for the hackers. relevant and suitable for the purposes to which it is applied. something just not right? Trust your In no circumstances whatsoever shall North be liable to any Here are some useful hints and tips to instinct and report/ always ask for help person whatsoever for any loss or damage whensoever or watch out for when receiving an email to if unsure. howsoever arising out of or in connection with the supply help you stop becoming the victim of a An email contains a request for money/ (including negligent supply) or use of information. successful phishing attack: change of bank details held on file or to Unless the contrary is indicated, all articles are written with reference to English Law. However it should be noted Always assess the context of an email, provide personal details. Please be wary that the content of this publication does not constitute do you know the sender and were you of unexpected requests. legal advice and should not be construed as such. expecting an email from them or is it Remember genuine email accounts can Members should contact North for specific advice on particular matters. completely out of the blue or making an also be hacked. Please be wary of the unusual request? content of an email if the style of a If your organisation utilises spam filter message from a contact that you know warnings within the email subject or use suddenly changes i.e., the way they warning banners to advise that an email address you or their grammar/ use of has been sent externally to your language changes or they ask you organisation, be suspicious if the email is something odd and unexpected such as portraying to be from a work colleague clicking a link or opening a strange and internally but is marked as external. unexpected attachment.