Sapphire is a target for malicious hackers that want to steal or hold to ransom our company information or get access to your personal information or banking details. We need to be vigilant with incoming emails and the attachments they may contain.

1. Monitor your computer

Check your computer’s system tray regularly, to make sure the Sophos (the Anti-virus software we use) is in fact running and active on your PC. Your system tray is found close to your computer clock on the bottom left hand corner of your screen.

2. Watch for Unknown, Odd or Spoofed Email Addresses

• Pay attention to the sender’s email address, especially if the message comes from a previously unknown contact or seems in any way suspicious.
• If you are unsure;
  • never click on links in the email’s body
  • do not open any attachments
  • report the email (with a screenshot) to your manager

A common spoofing method is when they change the name of the sender so that it doesn’t match the email address. for example; you may see an email from Darryl Roggen in your inbox (Who you know), but when you investigate the email address it’s actually peter@hotmail.com. Here’s another example;

Another spoofing method is to use characters that are similar to actual letters in order to make the sender email address to appear to be from a recognisable source: For example, many Greek characters look similar to Latin letters, such as the Greek character “ε” and the letter “e”. Emails may use the Greek character instead of the letter “e” in the sender’s address, like this: “example@sapphirε.co.za”. Unless the recipient is paying attention, they might not notice the email address is incorrect.

3. Don’t Give Out Personal Information

Phishing scams usually appear to come from legitimate businesses, like your bank or a government agency like the IRS or the Social Security Administration. These emails will often contain URLs that link to malicious web pages asking for your private information, and the spoofed pages look very convincing!

Again, we understand that, in business, it’s not often possible to avoid giving away your personal information. Just remember: legitimate businesses, like the government or Apple, will never ask for personal information such as passwords, social security numbers, or credit card numbers via email.

Giving out your information can lead to drained bank accounts or even identity theft.

4. Avoid Strange Attachments or Unfamiliar Links

The best policy is to refrain from downloading files or clicking through links in a strange email unless you trust the source. Malware, viruses, and other types of malicious material can be easily downloaded to your server or computer through attachments or malicious links, such as the Dropbox link in the below example:

5. Seems Too Good To Be True? It Probably Is.

Another sign of a dangerous spam email is when the content seems too good to be true – often in the form of a promise for large sums of money or unprompted offers for advertisement opportunities. Such emails are almost always phishing schemes trying to collect bank account information from the recipient.

The goal of an email that seems too good to be true is to encourage the recipient to click a link and provide their bank account information – a classic phishing scam. These scams come in many forms, including the story about the government owing you money in the below example:

To further illustrate the growing threat every company and individual is facing with regards to their cyber security, please take a moment to read this article about the WannaCry Malware and how it has changed and multiplied over the last 2 years. Link