It’s a tried-and-tested method of stealing personal data and ripping people off, and it’s still bait that people fall for hook, line and sinker. Below, Total Business benefits from expert insight from Austen Clark, Managing Director of Clark Integrated Technologies, who discusses the best ways to avoid scams, especially as a business with a lot on the line.
Around one in every 100 emails received is a phishing attempt and no one is immune – all it takes is one employee to take the bait. In a company with 50 employees, that’s 50 possible attacks.
Phishing is loved by cybercriminals because it provides direct access to the most vulnerable part of any network — the end user.
They seek to trick the recipient into believing the message is something they want to read, impersonating retailers or paid services, giving them a reason to ask for your bank details in an email.
It may look like a request from a bank, HMRC, or a takeaway firm, and will contain a link to an attachment.
A common scam is pretending to be a business and asking users to update the payment details on their profile or risk their account being suspended.
Never click links or input personal details, particularly debit or credit card information, when prompted to do so by an email, even if you think you know who the sender is.
If an offer in an email seems too good to be true, then it probably is. If in doubt, contact the business cited as the sender through official channels (website, email or phone) and seek confirmation that the message is legitimate before you provide personal or financial details. Don’t simply reply to the email – one option is to send a fresh email to the sender to check its validity.
Don’t place yourself in a situation where you transfer money just “because you’ve had an email conversation with someone” that hasn’t been confirmed outside that line of communication.
One way to spot a phishing message is to pay attention to the email address of the sender. Often addresses used to send scam emails look dubious, containing numbers or a jumble of letters.
Genuine communications from established companies, banks or government departments will usually come from a simple address that uses the provider’s domain.
Other giveaway signs are misspellings, poor grammar and poorly presented text in the body of an email which has few logos or poor branding.
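The sender-address checks described above can also be applied automatically, for example in a mail filter rule. The following Python is an added example, not code from Austen Clark or Clark Integrated Technologies; the brand-to-domain table, the thresholds and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumed table: brand names mapped to the domains they really send from (constructed).
KNOWN_SENDERS = {"hmrc": {"hmrc.gov.uk"}, "examplebank": {"examplebank.co.uk"}}

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def sender_warnings(from_header):
    """Return the reasons a From header looks suspicious (empty list if none)."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no usable sender address"]  # blank or malformed sender
    local, domain = address.rsplit("@", 1)
    local, domain = local.lower(), domain.lower().rstrip(".")
    warnings = []
    # Sign 1: the display name claims a brand, but the domain is not that brand's.
    name_key = re.sub(r"[^a-z0-9]", "", display.lower())
    for brand, allowed in KNOWN_SENDERS.items():
        if brand in name_key and not domain_matches(domain, allowed):
            warnings.append(f"claims to be {brand} but sent from {domain}")
    # Sign 2: numbers or a jumble of letters in the address (assumed thresholds).
    if sum(c.isdigit() for c in local) >= 3:
        warnings.append("address contains several digits")
    if re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", local):
        warnings.append("address looks like a random jumble of letters")
    return warnings

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "HMRC <refunds@hmrc.gov.uk>",
    "HMRC Refunds <hmrc-tax8841@mail-secure.example>",
    "Example Bank <xkqzjwv@examplebank.co.uk>",
    "HMRC <help@hmrc.gov.uk.example>",
    "",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(repr(header), "->", sender_warnings(header) or "no warnings")
```

A clean result here is not proof that a message is genuine, because the From header itself can be forged; treat these checks as one signal alongside the mail server's SPF, DKIM and DMARC results.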
Security awareness training is the number one way to fight back against phishing, as it raises awareness to reduce human error.
All it takes is one person, one time, to be careless and they could fall victim to an online deception. So always be aware – and ensure everyone in your organisation is made aware.
Here are my top five tips to help close the net on phishing:
- Ensure employees are on their guard – build awareness-raising exercises into staff training.
- Use a spam filter that detects viruses and blank senders.
- Keep all systems current with the latest security patches and updates.
- Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
- Have a security policy that includes but isn’t limited to password expiration and complexity.