The standard security mantra is to avoid phishing emails.
That assumes your employer’s security interests coincide with your own. Yes?
If you are being sexually harassed at work, were passed over for a job position, your boss has found a younger “friend” to mentor, etc., there are an unlimited number of reasons for a differing view on your employer’s cybersecurity.
The cybersecurity training that enables you to recognize and avoid a phishing email, also enables you to recognize and accept a phishing email from “digital Somali pirates” (HT, Dilbert).
Acceptance of phishing emails in tax practices could result in recovery of tax returns for public officials (Trump?), financial documents similar to those in the Panama Papers, and other data (Google’s salary data?).
If you don’t know how to recognize phishing emails in the tax business, Jeff Simpson has adapted tips from the IRS in: 10 tips for tax pros to avoid phishing scams.
Just quickly (see Simpson’s post for the details):
- Spear itself.
- Hostile takeovers.
- Day at the breach.
- Ransom devil.
- Remote control.
- BEC to the wall.
- EFIN headache.
- Protect clients.
- Priority No. 1. (Are you the “…least informed employee…?)
- Speak up.
Popular terminology for phishing attacks varies by industry so the terminology for your area may differ from Simpson’s.
Acceptance of phishing emails may be the industrial action tool of the 21st century.
Thoughts?