For many, getting an email from their bank or one of their favourite brands is nothing out of the ordinary. People are increasingly interacting with businesses and brands through online channels because it’s more convenient and saves them time.
With more and more of our conversations happening through a screen, there’s a risk that many don’t always know who they’re speaking with. This is where phishing comes in.
What is phishing?
Phishing is an attempt by cybercriminals, posing as legitimate institutions, to obtain sensitive information such as usernames, passwords and credit card details from targeted individuals for malicious purposes. Most phishing is done by email, but it can also be done via text messages sent to smartphones.
With many employees working at a computer screen these days, phishing affects companies as well as individuals. The Office for National Statistics figures published in 2017 revealed that almost half of UK firms were hit by a cyber breach or attack in the previous year.
Helping you spot something phishy
It’s not always easy to identify a phishing email, text or even phone call, but here are a few tips to help protect your company and employees:
1. “Dear Customer…”
If the message doesn’t address a named person but uses a general greeting such as “customer”, an email address, or even “friend”, this is a major red flag.
2. Who’s it from?
Take a look at the sender’s email address or phone number. Is it different to the one usually associated with the person or company they are claiming to be?
3. Bad spelling
Emails and texts sent by a reputable company are unlikely to have spelling mistakes. Poor spelling, punctuation or grammar could be a sign that the sender is not who they say they are.
4. Deadlines and strange requests
Does the sender demand information immediately, or threaten that action may be taken or a benefit lost if you don’t respond right away? Usually a trusted company won’t behave like this.
5. ‘Special’ offers
Keep in mind that old saying: ‘If it seems too good to be true, it usually is’.
It’s important to take time to check links in an email or text carefully. Before clicking, it’s easy to type the company’s name directly into a web browser to check whether the message is genuine or not.
Always use reputable anti-virus software and keep it regularly updated.
What to do if you’ve been caught
If your company or employees fall victim to phishing or any form of identity fraud, it’s important to take action quickly.
Change all passwords and contact banks or other providers to let them know what’s happened and to look out for any suspicious behaviour.
Get Safe Online has lots of useful tips for using email safely, to prevent falling victim to phishing attacks.
If someone thinks they’ve been targeted by a phishing scam, it must be reported straight away to Action Fraud. Reporting potential fraud helps prevent future crime.
Forewarned is forearmed
By knowing what to look out for, you’ll be able to make sure your company is better prepared to handle potential phishing scams and you can help employees be aware of the risks too.