Phishing – What is it?
Phishing is when fraudsters and hackers send emails across to you imitating genuine corporations in an attempt to get you to reveal your personal information which can be used to take over your online accounts. Phishers can either send out their malicious emails to a broad range of people hoping to get a bite or specifically target their content towards certain businesses and employees.
There are 2 main types of targeted phishing: Spear Phishing and Whaling. Spear Phishing is when the Phish (Hacker) targets a specific employee within a business by including their personal information within their email to make the target click on their links, whilst Whaling is the same but directed at a more significant individual within the corporation, who may hold secure documents in their laptop or computer or control finances & financial decisions.
According to Check Point Research’s 2018 Security Report, 64% of organizations have experienced a phishing attack in the past year. Individuals and businesses as a whole must therefore understand and respect the importance of understanding how phishing works and how to be aware of when it might enter their inbox. Therefore, this article was written to do just this.
We’ve found some typical ways to identify a phishing scam:
- It tells you of ‘suspicious activity’ or ‘login attempts’
- Claims of an issue with payment information
- It will ask for some form of personal information
- It may include a fake invoice
- It will ask you to click on a link to make a payment
Now some questions and steps to consider when dealing with a potentially harmful email include:
- Asking yourself if you have an account with the supposed business.
- Check the email account it was sent from, as the name might show up as the legitimate business, but the email account might be completely fictitious.
- Is the email well laid out? Does the Logo look right? Most phishing emails are poorly presented and don’t seem very professional.
Once you’ve gone through these steps and still think the email is legit, try to locate the website or phone number yourself instead of clicking on any links it includes in the email as this could still be a phishing scam and can hack you through your click.
But I think I may have already clicked on a phishing email! What should I do?
Visit www.actionfraud.police.uk if you think they may have access to your credit card, bank account number, or anything that is crucial to your identity. They have specific steps to take based on the information that you have lost. They are the focal point for any crimes commit which have taken your personal data.
So what else can I do to make sure I limit myself or my organisations risk from phishing attacks?
As previously written in our “7 Cybersecurity Tips for Staff Working Remotely” blog post, we have denoted a range of ways to do exactly this:
- Watch out for remote working scams (Phishing emails & sites)
- Use a VPN
- Use robust antivirus software
- Install updates regularly
- Backup your data automatically
- Set up two-factor authentication for all online accounts
- Make sure you’re working behind a firewall
For any more information on how to make sure you have everything in place to keep yourself and your business as protected as possible, email us at firstname.lastname@example.org or call us today on 01727 861 553.