How to spot phishing attacks
As a business, you're a very juicy target for cybercriminals.
In this article, we'll look at some of the ways you can spot the bait that
phishing scammers use and provide real world examples of what to look out for.
Phishing, don't fall hook line and sinker...
What's a hackers favourite season? Phishing season! Sorry, I couldn't resist.
If you've landed here, you're probably wondering what phishing is, and you may have heard that it can damage your business in some way.
In this article, we're going to explain what phishing is, show you examples of what to look out for and give you five simple tips on how you can protect your business.
What is phishing?
Unfortunately, phishing has nothing to do with its angling namesake. Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data.
Here are some quick facts that detail how pervasive phishing is.
- One in every 3,722 emails in the UK is a phishing attempt. (Source CSO UK)
- Around half of cyberattacks in the UK involve phishing. (Source PWC report)
- Only thirty-one per cent of UK organisations have done a cyber risk assessment in the last 12 months. (Source Gov.UK)
- Thirty-three per cent of UK organisations say they lost customers after a data breach. (Source Atomik Research)
How can a business protect itself?
Fortunately, there are several telltale signs that business owners can look out for. Here are five things to look out for.
An email that looks
too good to be true
Lucrative offers and eye-catching statements are created to attract your attention immediately. For example, many emails claim that you have won an iPhone, a car, or some other lavish prize. Just don't click on any suspicious emails. Remember, if it seems too good to be true, it probably is!
Creating a false sense of urgency
A favourite strategy amongst cybercriminals is to ask you to act fast because the 'super deals' are only available for a limited time. Often, some of them will even tell you that you have only a few minutes to respond. When you come across these kinds of emails, it's best to ignore them. Sometimes, they will tell you that your account will be suspended unless you update your personal details immediately. Most businesses give ample time before they cancel an account. When in doubt, visit the source directly rather than clicking a link in an email. This goes for emails from your bank, phone company or utilities provider.
Dodgy hyperlinks
A link may not be all it appears to be. One simple trick to check if a hyperlink is legitimate is by hovering over it. Doing this will show you the actual URL where you would be directed if you clicked on it. Look out for spelling mistakes. For example, www.bankofengerland.co.uk may look legitimate at first glance.
Email attachments
If you see an attachment in an email you weren't expecting or one that doesn't make sense, don't open it! They often contain payloads like ransomware or other malicious viruses.
Do you know the sender?
Cybercriminals are often very clever at imitating someone you may know. It may even be the case you get an email that looks like it comes from your organisation, perhaps an unknown individual from accounts@. Remain vigilant at all times.
Examples of Phishing scams
There's something phishy going on with these HMRC examples
Text message scams
Here you can see an example of a text message scam. Taking advantage of the Covid 19 pandemic, scammers have attempted to get business owners to click on links on their mobile phones.
Send any HMRC related phishing text messages to 60599 (network charges apply) or email phishing@hmrc.gov.uk then delete it.
Email scams
Here is another example that appears to be from HMRC. You'll notice this email is trying to direct you to the phishing website we see below.
Remember the trick we mentioned earlier? Hover over the hyperlink and you'll see the web address the phishing email is trying to send you to.
Webpage scams
Here you can see an example of a phishing website designed to trick you into disclosing personal information.
Always check the URL in the browser before filling in personal information. Check for spelling mistakes and rouge domain names.
How can you become unattractive to hackers?
We pride ourselves on being experts in the field of IT Support and security. Book in a call today and speak to one of our specialists who'll be able to help you understand your strengths, opportunities and threats in the world of cybersecurity and IT Support.
