How to avoid phishing attacks within a business.

Phishing, the most popular type of scam attempt by cyber criminals, comes in the form of emails. Scammers work on the basis that if they send out enough of these fake emails, someone will eventually take the bait. You need your staff to be on the lookout for anything that asks for personal information such as bank details, logins or passwords. The scammers are on the hunt for any information that lets them gain access to your accounts and take on your identity. The emails may also contain fake website links that allow the scammers to access your device and therefore your company network. Here, we’ll take you through what you should look out for and how to avoid being scammed.

Scammers target by chance rather than singling out individuals. They don’t know whether you work at a large organisation, are a sole trader, or even work at all. No one is safe from being targeted, and it is important to understand that. Also, it’s not safe to assume that you won’t get scammed. We’ve all had those days, haven’t we? The ones where we’re not on it or are a bit stressed or preoccupied? Scammers rely on us having those days. That’s when we’re most vulnerable to attack, when we let our guard down, so to speak. Arm yourself with information. Train yourself to always be on the lookout and then you’re more likely to be able to spot a scam, even on those off days.

For 6 ways to avoid being phished, read on.

  1. Block and defend – to reduce the likelihood of an attack, make sure you install proper email protection software. Although not foolproof (nothing is, truly), email security software can capture around 90% of fake emails, which is a good hit.
  2. Use MFA – let’s say an attacker does know your passwords. What then? If you’ve switched on MFA (multi-factor authentication) for your accounts, you’ll prevent them from getting through. You might find that you get an unexpected text message with an OTP (one-time password) code. This happens when MFA is switched on and someone has tried to sign in with your password; without the code, they can’t get any further.
  3. Know your weak spots – if you take a good look at your organisation, you will get to know potential areas where an attacker might be able to get through. Where are these weak spots? Human error is usually the main gateway for phishing scammers (remember those off days?). Start with your staff, arm them with the knowledge they need, and educate them on the ways to spot a fake email.
  4. Look for the signs – phishing emails are obvious when you know what you’re looking for. There are definite ‘mistakes’ that are made and these can include any or all of the following:
     - Spelling, punctuation and grammar errors within the body of the email.
     - Graphics that are of poor quality and design.
     - Names spelled wrong, using both your name and surname, or addressing you in a generic way such as ‘valued customer’.
     - Any kind of immediacy, urgency or threat within the email. For example, saying you have been the victim of something and need to act ‘immediately’.
     - Anything asking you to make a payment to a bank account.
     - It appears to come from someone you know but the writing style seems ‘off’.
     - If it’s too good to be true, it usually is.
     - The sender’s email address has a mistake in it.

  5. Ease of reporting – encouraging staff to be transparent about phishing emails is the best possible policy. No one should feel as though they have done something wrong (and thus try to hide it) if they happen to get caught out. It’s important that you react quickly should an attack occur, therefore you cannot afford for anyone to keep it to themselves.
  6. Be social media savvy – attackers can be clever enough to do their homework. They can take information about you that is readily available on the internet and use that to their advantage, whether to make threats or whether to make their emails seem more convincing. Be smart about what you decide to share on social media.
     - What do visitors to your website need to know? What can be removed that might be useful to any potential hackers?
     - What could, or what do, suppliers, contractors and partners potentially give away about you online?

It’s not about withdrawing from social media altogether; it’s about being wise with regard to your digital footprint.

CPNI’s Digital Footprint Campaign has lots of useful information that can help you understand and avoid the risks.
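
Several of the signs listed under point 4 (a mistake in the sender’s address, urgency, a generic greeting, a payment request) can also be checked automatically as a first-pass filter before a person looks at the message. The following is an added example, not part of the original article; the trusted-domain list, the phrase patterns and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains this business really deals with (constructed list).
TRUSTED_DOMAINS = ("example.com", "example.co.uk")
SIGNS = {  # illustrative phrases for three of the signs in point 4
    "urgency or threat": r"\b(immediately|urgent(ly)?|suspended|final notice)\b",
    "generic greeting": r"\b(valued customer|dear customer|dear user)\b",
    "payment request": r"\b(make a payment|bank transfer|sort code|account number)\b",
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character domain mistakes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` nearly matches, else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    return next((d for d in TRUSTED_DOMAINS if edit_distance(domain, d) <= 2), None)

def phishing_signs(raw_email):
    """Return the warning signs found in one raw email (headers plus body)."""
    msg = message_from_string(raw_email)
    body = "".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    imitated = lookalike_of(domain)
    signs = [f"sender domain {domain} resembles {imitated}"] if imitated else []
    signs += [name for name, pat in SIGNS.items() if re.search(pat, text, re.I)]
    return signs

# Constructed sample message, not a real email.
SAMPLE = """From: Accounts <billing@examp1e.com>
Subject: Final notice: account suspended

Dear valued customer,
Your account will be closed unless you make a payment immediately.
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A filter like this only narrows down what staff see; a message with none of these signs can still be a phish, so the reporting route in point 5 still matters.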

To help your business avoid any phishing attacks, we strongly recommend a cyber security health check. This will analyse your devices and IT network for any potential loopholes. You can find IT support companies that offer this service for free.