Gone phishing – five ways to spot a spoof email -TEISS® : Cracking Cyber Security

People

Gone phishing – five ways to spot a spoof email

Daren Oliver, managing director of Fitzrovia IT, provides five top tips on how to successfully catch a phishing email before it sinks your business in a cybercrime tidal wave.

With the daily onslaught of dozens of emails landing in our inboxes, spotting a spoof or potential phishing attack isn’t always an easy task. While emails designed to dupe targets into providing personal information might be obvious at first glance, many are now so sophisticated in appearance, it can be difficult to decipher the above board from those that should be thrown overboard.

Phishing emails are a real problem for businesses, costing companies in the UK an estimated £29 billion annually. Whilst cybercrime will always be a danger online, there are some steps you can take to prevent phishing emails from successfully breaching sensitive data. Here are five top tips for helping to catch a phishing email.

Also of interest: Increasing compliance 

Don’t get reeled in by tempting offers

Tempting offers and deals from what look like legitimate companies may be hard to resist, but make sure you check their authenticity before succumbing and clicking on any links or handing over personal information, such as bank details. You can check their legitimacy by visiting the company’s website. Be sure to type their web address directly into your browser rather than copying it or clicking on it from the email as this might lead you to a spoof website that looks just like the real thing. If you don’t know the website address a quick Google search should help to verify it.

Don’t become click bait

If it appears you’ve been sent some files to download via a link from a client contact or colleague, make sure you check the validity of the sender’s information first. It is becoming increasingly common for cybercriminals to mimic actual contacts by sending emails that are frighteningly authentic. Unless you have been expecting an email from a particular individual or company, the best and easiest thing to do before clicking on a link or downloading any files is to pick up the telephone to the supposed sender and ask them directly if it was from them.

Also of interest: Data visibility: the antidote to Snake-bites

Don’t get caught out by ‘executive pressure’

One of the tactics used by cybercriminals is to use the power of executive pressure and social engineering to phish for information and obtain an advantage over their targets. Examples of this could be phone calls or texts from somebody posing to be a senior director or from HR making urgent payment requests or asking for potentially sensitive information. The person on the receiving end might feel obligated to hand over the information if he or she feels under pressure to respond or believes the person is acting in a senior capacity that they cannot question, even if they aren’t entirely certain who the person is.

To achieve this, cybercriminals will often use publicly available information on individuals’ social media accounts to identify targets to carry out such attacks. Therefore, make sure your privacy settings on any social media accounts are adjusted to the optimum level and consider removing any publicly available personal data that can be used to instigate a phishing attack.

Net some strong security software

It goes without saying that strong security software and password protection are essential to mitigating incidences and the intensity of cyber-attacks. But just because cybersecurity software is in place, doesn’t mean you can become complacent. Companies should regularly review their existing security procedures and policies to ensure they are up-to-date and relevant. You should also consider signing up to the National Cyber Security Centre’s scheme, Cyber Essentials, which provides businesses with cybersecurity advice and helps them to guard against the most common cyber-threats.

Also of interest: Fighting against phishing

Train your staff on how to catch a phish

According to leading industry research, over 90% of all successful cyber-attacks are as a result of information unwittingly provided by employees. It’s clear, therefore, that education is key – and that ignorance is often the culprit when catastrophe strikes. Training your staff to recognise the signs of a potential phishing attack could pay dividends and save you valuable time and money in the long run. Calling in a professional IT consultancy that can initiate a ‘friendly phishing’ service is a great way to test employees’ cyber savviness and will help to reveal any holes in the phishing net.

Daren Oliver is managing director of Fitzrovia IT, a London-based consultancy that provides cutting-edge IT solutions from across the globe. For more information, visit www.fitzroviait.com.

 

Comments