The continued threat of phishing attacks

Despite a heightened awareness about cyber security risks, phishing attacks continue to hit businesses across the globe.

Phishing is where cyber criminals send messages aimed at duping individuals into revealing personal information, such as passwords and credit card numbers. A recent estimate has reported that 3.4 billion such messages are sent every day, worldwide.

Such attacks may use email, SMS or other forms of messaging, and the end goal is to steal data or money. The criminals may use the information they have obtained to access your systems, arrange payments, or install malware and then demand a ransom for the return of data.

Scammers continuously adapt their strategies to align with current news or trends. They will often create a deceptive storyline to manipulate you into clicking on a link or opening an attachment. Such messages may imitate organisations that you trust – for example banks, credit card companies or utility providers.

Typical content may say that the sender:

  • Has detected suspicious activity or login attempts
  • Has identified an issue with your account or payment information
  • Needs you to confirm personal or financial details
  • Is attaching invoices (which are actually not genuine)
  • Needs you to click on a link in the message (which is actually embedded with malware)
  • Needs you to click on a payment link and enter card details
  • Is offering you a refund or free vouchers

Ten tips to protect your business from falling foul of phishing attacks

  1. Training. Ensure that your team are aware of the risks and receive regular training / reminders. Circulate simulated phishing test emails on a regular basis, to ensure that the training has worked.
  2. Consider every email as a potential threat. It doesn’t matter if the sender is familiar or if the email is a response to one you sent. Always be suspicious if an email contains a link, attachment, request for confidential information, or tries to appeal to your emotions.
  3. Be aware that although some phishing emails contain obvious clues (such as coming from a random email address or containing spelling / grammar errors), not all of them do. If you are unsure about an email, verify its authenticity by contacting the supposed sender.
  4. If you accidentally click on a malicious link or open an infected attachment, it is imperative that you act quickly to prevent a potential attack from spreading to other systems. Tell your IT team immediately.
  5. Unless you totally trust the site you are on, don’t give out financial information or personal data.
  6. Use unique strong passwords and enable two-factor authentication.
  7. Ignore pop-ups. They aren’t just irritating – they can be linked to malware. Close them by clicking on the X in the corner of the box.
  8. Don’t ignore software update messages – run updates as soon as possible.
  9. Remember that phishing can happen through texts or other messaging methods, not just email.
  10. Use email scanning software to vet mail and attachments before they reach your inbox. This will weed out a good proportion of malicious mail, but human vigilance is still crucial!
