What is phishing?

Technically speaking it is ‘the fraudulent attempt to obtain sensitive information for malicious reasons, by disguising as a trustworthy contact, normally in an electronic communication such as email.’ Realistically it’s every business owners nightmare. Staff clicking on a seemingly legitimate email and unlocking mountains of sensitive data, potentially causing a lot of damage to a business.

A phishing threat normally comes from a recognised email and links to a site which has been adapted by the attacker. The term ‘phishing’ comes from the angling idea of literally putting out some bait and seeing who takes it. With this highly deceptive and intricate plan, how can you be expected to know what a fraudulent email looks like?

How to spot an attack?

Although scrolling through the multiple emails we receive every day is a burden, taking the time to check emails from outside sources can make all the difference. Look at the preview of the email before you open it, does it look like something your bank, phone company or store would send? Are there spelling mistakes? Does the URL look right, are there any extra characters in it?

If this all checks out, using your initiative can go a long way. If the email is telling you that your credit card has been stolen or makes unrealistic threats like ‘unless you complete a form with your account number and address we will not be able to stop the money being taken,’ this is probably fake. If the message looks too good to be true, like telling you that you have won a trip but you didn’t enter any competitions, there’s a good chance it may also be fake.

What you can do if you suspect a phishing attack?

Educating staff and ensuring they understand the risks involved with clicking on a fraudulent email is a good place to start, the recommended best actions are as follows:

1 – Activate multi-factor authentication. This involves adding another protective layer beyond an initial password, similar to the authentication code used with online banking card readers.

2 – Training and awareness. Companies have implemented phishing specific training for staff on how to spot and effectively deal with these emails. Some have even taken to regularly sending out mock phishing emails to try and help see which staff are clicking on them and therefore offer further training. You can arm yourself with tips and hints to spot attack and learn how to prevent them by attending one of our Cyber Security workshops.

Security, cyber-attacks, phishing; it’s all a minefield and something else to add to the pile of things which business owners have to tackle. Our Cyber Security services include setting up the multi-factor authentication, generating and analysing mock email campaigns as well as providing training for staff; keeping your business safe and your mind free to concentrate on running your company effectively.