Cybercrime is one of the biggest risks businesses face today, and studies show that cybercriminals are most likely to target small businesses.
Phishing is one of the most common forms of cyberattack. This usually involves sending emails that claim to come from a trusted source, but which actually act as a means of stealing sensitive information, or of installing malware on a user’s computer.
In this post we’ll share some tips on how you can effectively recognise phishing emails, to keep yourself and your business safe from cybercrime.
Want to discuss your cyber security risks? We have a team of experts on hand to help. Call us on 0208 290 9080 or email us at cyber@anthonyjones.com.
What is Phishing?
A phishing attack starts with a message. This could come via text, or an app such as WhatsApp, though most phishing attacks are in the form of emails. This email may seem to come from a trusted source, such as a bank, a supplier, a shopping site, or even an individual from your contact list.
Phishing emails usually request that you take some kind of action. For example, an email may say that there’s a problem with your account that you need to log in and fix. It will provide a link for you to follow. Sometimes, this link will take you to a fake login page. If you enter your details on this page, then cybercriminals will know your password, and they’ll have access to your account. And as a lot of people use the same password across the internet, if they can access one account, they can probably access some more.
But sometimes, clicking a link in a phishing email won’t take you to a fake login page. Instead, clicking the link will simply install malware on your computer. You might not notice anything’s wrong at first. But this malware will leave you vulnerable to much more serious cyberattacks in future.
Why Are Phishing Attacks Such a Risk For Businesses?
Phishing attacks are the most common of all cyber security breaches. According to a recent government survey, phishing attacks account for up to 89% of all cyber attacks in the UK.
There are many reasons why phishing attacks are so powerful, and so dangerous:
- Phishing attacks exploit human nature. They might play on your fear, by claiming that you’re in some kind of trouble. Or they may claim that you’ve won some kind of prize, or you’ve earned some kind of reward. And who doesn’t like getting free stuff?
- Some people get hundreds of emails every day. It’s easy to go into autopilot when you’re trawling through a packed inbox. And when you’re in autopilot, it’s easy to let your guard down.
- Even small businesses will have multiple members of staff receiving multiple emails every day. For a phishing attack to be successful, all it takes is for one member of staff to make a single mistake. After this, the cybercriminals may be able to mount a much more severe attack.
How To Stay Safe When Using Email and Avoid Phishing Attacks
Common sense used to be the best line of defence against phishing attacks. But cybercriminals are now more skilled than ever at creating messages that look almost identical to the real thing. You may not realise you’re clicking a phishing link until it’s too late.
So below we’ll share some general tips to help you protect yourself, and your business, against the threat of phishing.
Understand How Businesses and Individuals Use Email
Above, we mentioned how phishing emails might play on your fears and other emotions to get you to take action. You can stay resilient against phishing attacks if you remember the following:
- Banks will never email you to ask for any sensitive information. If you get an email from your bank saying that there’s some kind of problem with your account, delete the email and call your bank directly. If there’s something wrong, you can sort it out over the phone.
- Businesses never give away free products or vouchers out of the blue. If you get an email claiming to be from a retailer, congratulating you on winning a contest you didn’t enter, then it’s definitely a scam. Remember: If something seems too good to be true, then it probably is.
- Some phishing attacks claim to be from individuals rather than organisations. You might get an email claiming to be from your manager, asking for a login or some other sensitive information. If this happens, call the individual, or try to talk to them in person. If the message was authentic, they can verify it themselves.
Learn to Spot the Telltale Signs of a Phishing Email
Though phishing attacks are getting more sophisticated all the time, certain red flags are still common. Look out for the following:
- Spelling errors, or inconsistencies in grammar or formatting.
- Who is the email addressed to? Your bank, for example, probably won’t refer to you by your first name. And it’s unlikely that any business will refer to you as “valued customer”.
- An urgent subject line. Look out for words like “warning” and “congratulations”, and for an overuse of capitalisation, exclamation marks, and other punctuation.
- A sense of urgency in the email. It might say that you have just 24 hours to respond, for example. Most, if not all, businesses give their customers plenty of notice for sorting out any issues. A tight deadline, or a demand that you reply “immediately”, is a strong sign that something’s not right.
Look At The Email Address
First, look at who the email came from. If it came from an individual’s email address, but it’s claiming to be from an organisation, then it’s fake. Also check the domain name, which follows the “@” in the email address. Does it match the organisation that claims to have sent the email?
Check Any Links Before You Click On Them
Phishing emails usually contain links that will send you to bogus websites. To disguise the destination, that link will usually be embedded into the text of the email, like this.
You can check on where a link will take you before you click on it. Just hover your mouse over the link without clicking it, and you should see the link’s destination appear at the bottom left of your web browser.
Hover your mouse over this link, for example, and you’ll see that it’s a link to the Anthony Jones homepage.
If the link looks dodgy, or if it’s in no way related to the individual or organisation mentioned in the email, then don’t click it! Instead, delete the email immediately.
Cybersecurity Tips For Business Owners
You can work to keep yourself safe from phishing attacks. But as we mentioned above, every member of staff that uses computers in your business is a potential attack point for cyber criminals. So you should take steps to protect your whole business from phishing attacks and other forms of cybercrime.
Train Your Staff
Make sure everyone in your business understands the risks of phishing attacks. Provide training on how to spot a fake email, and on the steps people should take if they accidentally click on a phishing link.
Provide refresher training courses at least once a year, so that your staff can stay up-to-date on the latest cybersecurity risks.
Get a Dedicated Cybersecurity Team
A dedicated cybersecurity team can help safeguard your systems against cyber-attacks. They can verify and enforce software updates, advise on the use of firewalls and antivirus protection, and provide ongoing training to staff across the organisation in understanding the risks of phishing and other attacks.
Cybersecurity teams will also devise and implement cyberbreach response policies and procedures. This way, if your business ever falls victim to a phishing attack, the cybersecurity team will be primed to respond in such a way as to minimise the damage.
Read our full guide to the vital work of a cybersecurity team here.
Get Cyber Insurance
A dedicated cybersecurity team is increasingly becoming a business essential. So too is specialist cyber insurance.
In the event of a data breach, cyber insurance will cover your business’s liability as well as your ability to manage the impact on both your systems and finances.
If you have any questions about business insurance, or if you want to discuss whether cyber insurance is right for you, we have a team of experts ready to help. Call us on 0208 290 9080 or email us at cyber@anthonyjones.com.