SMEs warned of new wave of phishing scams

Galway cybersecurity firm TitanHQ is warning the Irish public of a new phishing scam due to hit Irish shores, with SMEs likely to be the chief target.

Phishing scams hit an all-time high in the first half of 2022 and if last year’s ransomware attack on the HSE was any indicator, any organisation of any size could easily fall victim.

TitanHQ has warned Irish businesses to be on the lookout for the latest email scam, after a school district in the United States admitted last month to unwittingly transferring nearly €200,000 to an account controlled by cyber criminals, thinking they were paying their building contractor.

“We would urge people to be extra cautious and always verify the senders contact details”

The Floyd County school district in Georgia received an email requesting payment, supposedly from a company that had previously completed building work for a school in the district, called Ben Hill Roofing. 

They unwittingly made the payment and only realised their mistake after the real Ben Hill Roofing Company submitted an actual invoice. 

The school district explained that “Floyd County Schools has been made aware of a phishing incident. This cyber-attack resulted in funds being stolen from the school system by an outside source.”

What is spear phishing?

The attack is what’s known as “spear phishing”, which is a targeted attack where a cyber criminal poses as a trusted sender and will include information known to be of interest to the target, such as current events or financial documents that they might be expecting.

In a recent survey, TitanHQ found that 85% of organizations have experienced up to 17 types of security incidents in the past 12 months.

“Cyber criminals have become more and more sophisticated, finding ways to create scam emails and websites that look legitimate,” said Ronan Kavanagh, CEO of TitanHQ.

“We would urge people to be extra cautious and always verify the senders contact details. 

“If a vendor or customer you are familiar with contacts you via email, asking you to change their account payment details, or anything else that seems suspicious, then be sure to reach out to your direct contact at the company to make sure the request is legitimate.”

“The visible consequences, and the financial consequences, of these incidences are really ringing home with people. And the reality is they are becoming more sophisticated, they are becoming more prevalent, and they’re affecting all different areas, not just large entities like the HSE and Universities but also smaller businesses, many of which you just don’t hear about.”

Tips to prevent phishing attacks

  1. Learn to spot phishing attacks
  2. Improve Email security
  3. Provide training to boost security awareness
  4. Update web browsers regularly
  5. Install and use an antivirus program
  6. Disable popups and adapt a reporting policy
  7. Use a DNS filter
John Kennedy
Award-winning editor John Kennedy is one of Ireland's most experienced business and technology journalists.