It has come to our attention that many of our customers have seen an increased number of phishing campaigns over the last few weeks, and it has become clear that there is some concern about the best way to deal with these emails. As an IT organisation ourselves, we know that security issues come in many different forms, and phishing has the potential to be a very devastating form of cyber-attack. In the opening months of 2018, extremely convincing phishing campaigns have been catching vulnerable businesses off guard, so we thought it would be prudent to provide some insight and practical advice on spotting and overcoming these manipulative messages.
1: Train your staff to know what to look for
Training your staff to be wary of attachments and links in unsolicited emails is a great way to start reducing the risk of a phishing attack. All emails with attachments should be treated with caution, even those from friends, family and colleagues. Make sure you can spot common features of phishing emails, for example very unspecific wording such as “take a look at this”. Phrases like this should raise concern, but whether they are hostile or not can be easily verified by replying to the email and asking whether the assumed contact actually sent it. When you respond to these emails, the real person will receive the question and the virus or phishing attempt won’t receive your response. If the person says they didn’t send the email – good job – you just mitigated a potentially dangerous attack.
2: Deceptive URLs and domain names
It is imperative that all links in emails or documents, recognised or not, are checked and verified. This is very easy to do. By hovering over a link, you can see the actual site it will take you to, and if it looks suspicious, simply do not click it. In addition, if a link takes you to a site asking for a username and password, be wary. Check that the address is correct, and be aware that attackers may use very similar (misspelled) variations to fool their victims. Another common URL trick is to hide the address bar so that you cannot verify whether you are on the wrong page.
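The hover check described above can also be run automatically over an HTML email body. The following is an added example, not part of the original article: it compares the address a link displays with the address it really points to, and flags near-misspellings of known domains. The trusted-domain list, the similarity threshold, the function names and the sample email are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com", "example.org"}  # assumption: constructed list of sign-in domains

def host_of(text):
    """Hostname in a URL-like string (leading 'www.' dropped), or '' if there is none."""
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return ""
    if " " in host or "." not in host:
        return ""  # plain wording such as "click here", not an address
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def check_links(html, threshold=0.85):
    """Return (href, reason) for links whose real destination deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        if shown and shown != target:
            findings.append((href, f"text shows {shown} but link goes to {target}"))
        elif target not in TRUSTED and any(
                SequenceMatcher(None, target, t).ratio() >= threshold for t in TRUSTED):
            findings.append((href, f"{target} is a lookalike of a trusted domain"))
    return findings

# Constructed sample email body: one genuine link, one misspelling, one masked link.
SAMPLE = ('<a href="https://www.example.com/login">sign in</a> '
          '<a href="http://examp1e.com/login">Review your account</a> '
          '<a href="http://203.0.113.7/pay">www.example.com</a>')
```

Calling `check_links(SAMPLE)` reports the second and third links and leaves the genuine one alone.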
3: The message contains poor spelling and grammar
Large organisations usually review every email, letter and notification for spelling, grammar and legality issues amongst a wide variety of other things. If an email contains poor grammar or any spelling mistakes, it’s likely that it’s illegitimate.
4: The email makes offers that sound too good to be true
If you get an email offering technology for extremely low prices (for example at a 90% discount) then you know it’s a scam. These emails usually tell the recipient that there is a “deal for a limited time” and often catch people out by playing on their impulse for gratification. It’s highly likely they just want to steal your card details.
5: Asking for money to cover costs
Over the last few weeks, a large number of phishing emails asking for payments to cover costs have been plaguing businesses all over the UK. The senders of these emails usually mimic the email address of a colleague (such as your boss) and will send you an email asking you to make the payment. These emails usually look extremely convincing and base the design of their attachments on common invoices from banks, service providers and websites. Because the senders pretend to be a trusted colleague and gamble on you not questioning a request from your superiors, these emails are among the most manipulative.
6: The message is random and unsolicited
Phishing attacks often leech off the popularity of services such as the lottery or other competitions to steal personal information. An example of an unsolicited attack would be receiving an email claiming that you have won a competition even though you never entered one. These attacks can be successful because many people do enter competitions and draws such as the lottery, so there is a high chance the recipient can be fooled.
If you have any concerns or questions don’t hesitate to call us on 01189 186822 or contact us by email on firstname.lastname@example.org.