As these attacks become more sophisticated, the risk of you or a member of your staff becoming a victim increases. To help prevent this, we have put together a list of quick and actionable tips below to help you better understand phishing attacks and know the best practices to help protect yourself and your business.
What is Phishing?
Firstly, a little breakdown of what phishing is. Phishing is a cybercrime where a target or targets are reached out to through email, telephone or text messages by someone who is posing as a legitimate business or organisation that lures individuals into providing sensitive information.
The most common information they hunt for is personally identifiable information, banking and credit card details, and passwords. By having this information, it allows increased opportunity for identity theft and financial loss.
So how do you and your colleagues make sure you don’t fall into one of these traps? Below we have listed some tips to help:
Know where the message is from
If you don’t know who’s sending the message, don’t open it. It sounds simple, but it is very easy to forget to check sometimes. The same applies to embedded links or attachments - if you’re not sure, then don’t open them.
Phishing emails are often sent to large quantities of receivers in the hope that someone in those hundreds or thousands will slip up and fall into their trap.
Make sure the subject is legitimate
You may often find that phishing emails will have some poor spelling, but they do this on purpose. Where you might get a lowercase “l” but it’s actually a capital “I” as substitute for one another, which without being careful, may slip under the radar. There are more glaring ones where the lowercase “l” might be “1” instead, or the “capitaL” is placed in the wrong place.
Phishers often do this to avoid falling in your spam or junk email box and jump through the right hoops to get to your email box quicker.
Similarly, grammar mistakes can be just as easy to miss as we often skim-read our emails - particularly if it’s later in the day and we’re getting tired. However, you will commonly find that there are some grammatical errors as they’ve likely been lazily typed with the primary intention of getting you to click through, as they’re likely not going through any proofreading before sending.
Check the addressee
The vast majority of our inboxes are filled with personalised emails now that will have our name, alias, or title. If this isn’t the case with the email you’ve received, there’s a chance that you might be receiving an illegitimate message and you might need to delve deeper to understand.
Are you asked to act quick?
Is the email asking you to react quickly and meet a deadline? Be aware of communications that are asking you to “respond in 24 hours” or, “you have been a victim of a crime, click here immediately”, and check to make sure you recognise what you’re going to click on before you do so.
Are they real?
Sometimes you will get emails that appear to be from high-ranking individuals in organisations (CEO, MD, Finance Manager), does it align with who it should be? Also, what purpose would someone in that position have to email you directly? If it seems suspicious then approach with caution and don’t click anything if you are not sure.
Do not give any login details
Only ever give your login details to a trusted source or website that you either feel confidently about or are familiar with. If you were to give this away it could allow hackers access to your account, where they may be able to access further details which could lead to a ‘business email compromise attack’.
Is the URL genuine?
Something that might get overlooked is making sure the URL for that you’re copying or clicking on is genuine and trustworthy.
A useful thing to do before you click is to hover over the hyperlink so it displays the full link either in a pop-up box or in the bottom left of your email client. If it the URL you see doesn’t looks legitimate then it is best avoided.
The most important thing to do when you think you have received a suspicious email is to report it. If you feel that you have fallen victim to a phishing attack, then the best thing to do is report this to your IT department as soon as possible.
The sooner this is actioned, the more likely they will be able to help and reduce the possibility of this causing any kind of damage.
Always remember that you must stay vigilant as there’s always a chance that something will slip under your radar, but by keeping these tips in mind you can reduce the risk of being a victim and potentially help someone else avoid that risk. As much as something may seem nice in flashing lights saying, “Click me for …”, or “FREE …”, you may find that it’s far too good to be true for a reason.
If you need further assistance or would like more information about cyber-liability insurance, contact CLEAR’s cyber-insurance specialist Stewart Ruffles on 020 7280 3479.