Brexit update: Phishing is a big issue!

Fishing is not the only contentious issue for Brexit, there is another ‘phishing’ issue businesses are having to deal with across Europe and the UK.

With genuine Brexit updates being sent by most organisations — private and public — ‘Phishermen’ are having a field day! Malicious phishing groups are capitalising on the anxiety around Brexit and the outcome of the talks.

Over the last 61 days, data from across 29 countries reveals that there is a massive surge in phishing emails across Europe and the UK owing to anxiety particularly among businesses around Brexit talks. Phishing using the identities of Customs/Tax authorities across Europe and the UK, Commercial and procurement departments of organisations doing significant cross border business between Europe and the UK, as well as Fake tax consultancies being the most prevalent.

The calls to action in these phishing emails vary from asking businesses to confirm that they are going to remain unaffected as of January 1, 2021 — but this needs to be confirmed by them by clicking a link, to seeking confirmation that UK business will be treated as a ‘third country’ for the purposes of Chapter V of the GDPR, to ‘Click Here’ to re-register yourself on our procurement portal in preparation for Brexit, are the most prevalent.

Businesses receiving updates about Brexit in their emails from known annd unknown senders, ‘must’ treat such communnications as phishing, until they verify it as genuine.

‘Guilty until proven innocent’ or Zero Trust’ are the principles to abide by.

Genuine senders communicating with their business partners and organisations about Brexit must avoid the use of words and phrases that may remotely emulate what phishers are doing right now. ”

— Ankush Johar, Director HumanFirewall, a Human Cyber Risk Management & Phishing Detection and Response Platform.

WHAT CAN BUSINESSES DO?

1. Phishers use recent events of importance and popular topics like BREXIT to send malicious links and malware (malicious software).
2. Carefully analyse the identity of the sender for emails mentioning the word Brexit.
3. ‘Think before you click’ before you click on emails that contain the word ‘Brexit’. When in doubt, verify using other means like calling the senders to ensure they are genuine.
4. If emails ask you to share information that can potentially be used to harm your business or ask you to pay some money, STOP and think why a genuine company would ask you to do this.
5. If the ‘call to action’ creates a sense of urgency, or offers an incentive, or creates a sense of fear, causes you anxiety — you can be certain that it is possibly a phishing email.
6. Spread Security Awareness among your employees to watch out for such attacks, or run Phishing Simulations on your employees, to beat the hackers at their own game. (Get your free Brexit Security Awareness Training and Phishing Simulation Kit from HumanFirewall.)

(Source: Study conducted by HumanFirewall.io from Oct 15-Dec 16, 2020 across 29 countries)