What is a phishing attack?
Typically, this involves scammers sending out thousands of fake emails in the hope that someone will take the bait. The emails tend to ask for things like bank details, login details or other personal information. They may also include links to illegitimate websites. These emails aim to gain information for identity theft or to trick the respondent into sending money.
As scammers get smarter and wiser, phishing emails become more difficult to spot. Even the savviest user can miss them. It is important to understand that whatever the size of your organisation, you are not immune from receiving these types of emails.
That said, there are ways in which you can identify the most common types of phishing.
Here are 5 ways you can identify and avoid the most common phishing attacks.
1. Reduce the impact of successful attacks – Block malicious emails using email protection software such as Vade. It’s not fool proof, but it can filter out around 90% of them. Using MFA (multi-factor authentication) on email accounts can also help. An attacker might know your passwords but they will not be able to gain access to the email account if it is protected with MFA.
2. Understand how your organisation operates – how might someone target your business? Make sure you equip your employees with the information and knowledge they need to better prevent an attack. Train them to spot unusual requests. You can even extend this to your suppliers, for example, by telling them what you will never ask for when you contact them.
3. Spotting the obvious signs of phishing – there are definite signs to look for when trying to spot phishing emails. Of course, you can’t expect people to identify every single one, but you can train them to pick out the obvious. Look for:
• Grammar, spelling and punctuation errors.
• Poor design and quality of graphics.
• How are you addressed? By name, or as ‘valued customer’? Is your name written as you would expect it to be?
• Is there a veiled threat within the email? E.g., ‘you have been the victim of a crime’ ‘click here immediately’.
• An email appearing to be from someone high-ranking within your organisation but asking for payment to a particular bank account.
• The writing style of the email does not fit the person you know.
• Anything that sounds too good to be true usually is.
4. Reporting the attacks – it should not be a punishable offence if someone you employ gets caught out by a phishing email. Encourage everyone to speak out if they come across one. They should ask for help if they’re unsure or think they might have fallen victim. Should the worst happen, they would need to change passwords and run a scan for malware, so they mustn’t keep it to themselves.
5. Understand the impact of your digital footprint – your digital footprint is the information about you that is publicly available on the web or social media. Attackers are smart enough to use information about your organisation and staff to make their phishing messages appear more convincing.
• Decide what visitors to your website need to know. Take off anything that might be useful for attackers.
• Be aware of what your partners, contractors and suppliers give away about your organisation online.
• Don’t expect employees to remove every trace of themselves from the internet. Help them understand the impact sharing personal information has on both themselves and the organisation.
• For a range of useful materials see CPNI’s Digital Footprint Campaign to help organisations work with employees to minimise online security risks.
We have also produced a free video guide for you to share with your staff:
We strongly recommend a cyber security health check of your IT network and devices. Ask your IT supplier to do this for you. It will help your business avoid phishing attacks.
We’re here if you need us. For any business IT support or question regarding cyber security for your organisation, please don’t hesitate to contact us.
See out other free cyber security guides here
I want to avoid phishing attacks and need advice.