IHK warns: Dangerous phishing emails target companies!

IHK warns: Dangerous phishing emails target companies!

The alarm bells are ringing! The South Thuringia Chamber of Commerce and Industry (IHK) recently issued an urgent warning about a new phishing campaign that specifically targets its member companies. These sneaky emails ask companies to update their details such as name, address, mobile number and IBAN. Particularly perfidious: The attempts at deception seem credible at first glance, as the attackers use IHK logo files including a portrait photo and a signature of a supposed IHK employee. But the first signs are deceptive, because it is noticeable that the emails do not contain any umlauts or the ß, which is a clear indication of the forgery. insuedthueringen.de reports that the IHK has not targeted highly sensitive data, but is urgent about opening the links and entering data advises against. There is a risk that the information obtained could be used for future social engineering attacks.

The IHK has already informed the hosting and domain service provider of the fraudulent website so that it will usually be deactivated within a few days. In order to be able to help member companies better, the IHK recommends being vigilant and paying attention to some important information when sending emails, including personal salutation and sender address as well as common spelling errors and conspicuously urgent wording.

Protective measures and prevention strategies

But how do you recognize phishing attempts and protect yourself from them? Advice from experts such as the Federal Trade Commission shows that it is essential to verify the alleged sender's website or phone number to avoid falling prey to malware downloads or fraudulent schemes. Communicate with colleagues to clarify any confusion about such requests. If in doubt, it's best to call the sender of the email - but use a number you know, not the one provided in the email. ftc.gov

On the technical side, many companies have invested in firewalls and anti-malware software. However, studies show that cybercriminals not only exploit technical vulnerabilities, but also target human trust and emotions. According to Verizon research, nearly 49% of employees revealed their password in under three minutes during a phone phishing simulation. This highlights the need to prepare employees well for social engineering attacks and provide ongoing training. cybersecurity.bureauveritas.com

Conventional safety training is often not sufficient. Instead, companies should rely on realistic simulations and targeted training programs to enable employees to recognize and ward off attacks at an early stage. This not only gives companies the opportunity to avoid financial losses and data misuse, but also to protect their reputation.

If you have any questions or further information, those affected can contact Holger Fischer from the IHK at any time. It's worth keeping your eyes and ears open - especially in these times of digital uncertainty!