8 June 2021

Phishing is a cybercrime. Although it is one of the oldest types of cyber-attack, it is still very widespread and malicious. The perpetrators use disguised email as their weapon. They intend to trick recipients into thinking that the email relates to something they want, need or have already paid for, such as a request from their bank, a note from a client, or even an email from their boss. The recipients are asked either to click a link given in the email or to download a file attached to it.

The most successful phishing attacks are those where the attackers disguise themselves as a trusted entity, a real individual, or even a company which the potential victim might have done business with.

Technology has made giant leaps in recent years; likewise, phishing messages and techniques are becoming more sophisticated and personalised.

According to the 2021 Verizon Data Breach Investigations Report, 36% of last year’s breaches involved phishing, 11% more than the year before. These attacks do not distinguish between personal and work accounts, and the perpetrators will try anything to get either money or login credentials from the victims.

Malta is no exception. Many have already fallen victim, some on a personal level through their personal email account, while others fell victim to a phishing attack on their work account. In the latter cases, the businesses suffered data breaches or ended up out of pocket after wiring money to what was supposedly a client’s account but turned out to be the criminal’s account.

Lately, one mass local phishing attack has had the criminals impersonating MaltaPost p.l.c. This phishing campaign targeted several local email users and made them believe that the email was a final notice of an unclaimed, undelivered postal package. Those who clicked on any of the links in the email were directed to a fraudulent website which resembles MaltaPost’s official website. The purpose of the fake website is to steal the victim’s bank account information. MaltaPost p.l.c. issued warnings about this phishing attack.

There are many technological defences companies may invest in to protect their businesses against such attacks. Notwithstanding this, these can never be foolproof, as phishing scammers innovate and become more sophisticated. Thus, coupled with the investment, awareness among all work email account users is key. Employees should not only be made aware of the risks associated with phishing attacks but should also learn what to look out for and understand which practices should be avoided to protect the work email account as much as possible.