CYBER SECURITY

The customers were requested to transfer open invoice items. In return, they would have received a fake Banner bank account for a monetary transfer. Unfortunately, domain spoofing cannot be stopped entirely and this is why it is extremely important for each of us to be vigilant and know how to recognise phishing emails. This year, Banner has tightened its IT security considerably and e-learning modules for sensitisation against cyber attacks are in use at the locations in Linz-Leonding, Traun and Energy Solutions.

Moreover, the rollout of these modules and phishing simulations are currently in progress throughout the group. Up-to-date information on IT security topics is distributed via the bulletin board, the IT security newsletter, info screens and info boards. Moreover, external IT security experts provide the IT department with regular support regarding improvement measures, current threats and security gaps.

• Sensitive content. Do not respond to requests such as, “Please enter your password, account details, etc. via the link.” No serious company would make such a request.

• Link preview. Hyperlinks are often created using the correct notation, however they frequently have another objective. One example from our phishing simulation: The linkname intranet.bannerbatterien.com led to the bogus destination officeonline.com-s02net. If you run the mouse over the link, you can determine if the name corresponds with the destination, but never click the link! This can lead to the installation of malware!

• Urgency. In stress situations, people are easier to manipulate. Therefore, especially short time windows are an indication of fraudsters. An example, “Re-enter your password within an hour, otherwise your account will be closed.”