Coating News, Articles, Industry Resources,

5 Ways to Stop Software Hacking in the Oil and Gas Industry

My friend recently received an email at work from UPS alerting him that his package was ready for pick up and to click on a link to confirm the package. He was having a busy day at the office so he scanned the email quickly and was about to click on the link. Luckily he decided to take a closer look and realized it was a phishing (scam) email.
 
What is Phishing?
 
Phishing emails like these usually appear as if they are coming from legitimate companies, services, or websites. They can even come from friends, family, or email addresses you recognize that have been hacked into. They usually contain a link that if clicked on can compromise your personal information or install malware onto your computer.
 
Many scam emails are easy to spot such as those that contain spelling mistakes or where multiple people are CC’ed on an email. However if phishing emails are executed correctly, they can do severe damage. In fact PhishMe, a company that trains companies to avoid phishing, found that employees typically click on bad links 56% of the time. Another study by The Department of Homeland Security showed that a shocking 40% of all cyber attacks in 2012 were targeting companies in the energy sector.
 
An important method to stop software hacking in the oil and gas industry is to recognize a phishing email and report it or delete it.
 
Phishing Email
credit: lonnypaul
 
Here are our top 5 Ways to Recognize a Phishing Email:
 
1) Generic Greeting
As criminals are usually sending out a mass of scam emails, they don’t usually have the time to address you personally. Phishing emails will generally have a generic greeting. If you don’t see your name in the email, beware.
 
2) Fake Links
Phishing emails usually have a link with a call to action. If you click on this link, it will allow the scammer to compromise your computer. The link will usually look legitimate, eg. www.amazon.com however if you hover over the link without clicking on it, the address that pops up will not be the same address.
 
3) Personal Information Requested
Legitimate companies will never ask you for your personal information via email. If an email asks for your personal information, it is most likely a scam.
 
4) Sense of Urgency/A Threat
Professional criminals (physical or cyber) generally try and intimidate a person by using threats or a sense of urgency. For example, you may be told your account will be closed if you don’t click on a link. This is a red flag.
 
5) From a Reputable Company
Many scam emails pose as large companies that have millions of users such as PayPal, Facebook etc. The email address they contact you from may also have the company name in it. However usually they will attempt one of the 4 steps above, which will indicate it is a phishing email.
 
If you are worried about cyber attacks at your company, a great way to keep employees alert is by training them to spot a phishing email. Companies such as PhishMe send employees test phishing emails. If an employee clicks the link in the test, they are redirected to training material that will educate them about phishing. PhishMe studies have shown that the open rate of links by employees can fall from 56% to under 10% with training.
 

TNphoto Tatsuya Nakagawa
Tatsuya Nakagawa is the VP of Marketing and co-founder of Castagra Products, a storage tank and wastewater coatings manufacturing company that is highly acclaimed for its sustainable coatings, cold weather tank coating applications, and its durable frac tank coatings. Castagra is used by the world’s top oil and gas field services companies.