Dealing with malicious emails: Business Email Compromise (BEC)
Cyberattacks are proliferating and evolving rapidly, posing a serious challenge to Queen Mary. Criminals increasingly target work email to trick staff into transferring money, to steal valuable data, or to gain unauthorised access to it. This is called business email compromise (BEC). Attackers use social engineering techniques, for example impersonating a person you trust, such as your manager or a vendor you are working with.
Attackers often conduct thorough research on your organisation, on the ways employees communicate with each other, or on which employees deal with financial transactions. These attackers then craft convincing emails which appear completely genuine to you, requesting you to take urgent action on sharing your credentials or transferring money.
We are developing more advanced defences in response to these newer, more sophisticated phishing attacks, whose first entry point is work email.
You will come across various types of attack, including the following:
Malware: malicious software that can have a harmful impact once it has been installed and is able to run on your device. It can render your device blocked and unusable, steal your personal data, or use the credentials it has stolen from you to gain unauthorised access to Queen Mary data.
Phishing emails: messages sent to steal personal and private details from a user. They tend to appear genuine and to come from a trusted source, such as a bank, a pension company or an online retailer. Most phishing attacks use psychological and emotional tactics, taking advantage of the human instinct to act urgently on bad or good news. Cybercriminals' use of AI will enhance these existing tactics and techniques, as they train AI models to steal your data.
Credential abuse: malicious actors use stolen data, such as email addresses, credit card information and personal logins, to gain access to sensitive data. Once they have unauthorised access to your accounts, they carry out malicious activities from them.
IT Services will never ask for your password or send you an email with a direct link to change your password. You will always be directed to the IT Service Status page and asked to follow the Password Reset Manager link from there. If in doubt, please call the IT Service Desk on 0207 882 8888 (our lines are open 24/7) or raise a ticket.
What to do when you receive a suspicious email? A step-by-step guide:
1. Check the sender's email address: do not trust the display name
We see the display name and assume the message is from someone we trust or know. If you open the email and notice that the email address is not the address of the person you were expecting, that is because the display name in the header is easily forged; the actual address is what you should check.
Also, note how the surname provided in the example above does not start with a capital letter. A legitimate source, e.g. a bank, would not send emails in this format.
We advise that you use the 'Think Before You Link' app (created by the Centre for the Protection of National Infrastructure), whose purpose is to help you identify malicious online profiles and make you aware of the new AI-powered tactics deployed by bad actors to steal your credentials.
2. Spot the language of the message
Phishing emails use psychological tactics aimed at pressuring you into making a quick decision, such as divulging your username and password on the pretext of resetting your password or changing your mailbox quota. Many of these emails are written in poor grammar and contain spelling errors. Remain vigilant if the email contains sentences that ask you to act urgently, such as 'send these details within 24 hours' or 'there have been fraudulent activities on your account, click here immediately'. These are the red flags for phishing emails that you must be aware of.
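The two checks above (the real address behind the display name, and pressure language in the text) can be applied mechanically. The following is an added example, not part of the original guidance or of any Queen Mary tooling; the organisation domain, the address book and the sample message are constructed placeholders.

```python
import re
from email.utils import parseaddr

# Hypothetical organisation domain and address book used for the demo;
# replace with your own values.
ORG_DOMAIN = "example.ac.uk"
KNOWN_CONTACTS = {"jane smith": "j.smith@example.ac.uk"}

# Pressure phrases of the kind step 2 warns about.
URGENCY_PATTERNS = [
    r"\bwithin \d+ hours?\b",
    r"\bclick here immediately\b",
    r"\bfraudulent activit(y|ies)\b",
    r"\burgent(ly)?\b",
]


def sender_flags(from_header, known_contacts=KNOWN_CONTACTS):
    """Red flags from the From: header (step 1): trust the address, not the name."""
    flags = []
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["sender address could not be parsed"]
    domain = address.rsplit("@", 1)[1].lower()
    if domain != ORG_DOMAIN:
        flags.append(f"external domain: {domain}")
    name_key = " ".join(display.split()).lower()
    expected = known_contacts.get(name_key)
    if expected and expected.lower() != address.lower():
        flags.append(f"display name matches {expected} but address is {address}")
    # A legitimate sender's name is normally capitalised ("Smith", not "smith").
    if any(part.islower() for part in display.split()):
        flags.append(f"uncapitalised name part in display name: {display!r}")
    return flags


def body_flags(body):
    """Red flags from the message text (step 2): urgency and pressure language."""
    return [m.group(0) for p in URGENCY_PATTERNS for m in re.finditer(p, body, re.IGNORECASE)]


def assess(from_header, body, known_contacts=KNOWN_CONTACTS):
    """Combine both checks; two or more flags is a strong signal to report, not act."""
    flags = sender_flags(from_header, known_contacts) + body_flags(body)
    return {"flags": flags, "suspicious": len(flags) >= 2}


if __name__ == "__main__":
    # Constructed sample: the display name looks like a colleague, the address does not.
    hdr = '"Jane smith" <jane.smith@mail-example.invalid>'
    txt = "There have been fraudulent activities on your account, click here immediately."
    print(assess(hdr, txt))
```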
3. Report the email:
If you are still working with a previous version of Microsoft Outlook with a simplified ribbon:
Do not click on the link or open the attachment, as it may contain malware.
Please do not forward the message to the IT Service Desk. The message(s) you report are sent directly to the reporting mailbox (managed by the Queen Mary cybersecurity team), to Microsoft directly, or to both.
Once you have reported a message, you will receive an automated report on the status of that message.
4. Further guidance:
Additionally, we recommend the following steps to reduce the risk of phishing: