A Business Guide To Phishing

You’ve most likely heard of the term phishing in relation to digital crime. This particular type of cybercrime is rife in the UK. And it targets many different businesses – regardless of their size, industry, or sector.

Here we will dive into some important questions related to phishing and how businesses can effectively protect themselves.

What is phishing?

In a nutshell, phishing is when a cyber criminal persuades a user to take an action that unwittingly gives them access to devices or information.

The hacker uses bait such as a convincing email, or an important request, that spoofs an official company, or even a colleague. Here are a few examples:

• A fake survey that offers a high prize reward. The user clicks the button in the email and either accidentally downloads malware onto their computer or gives away important credentials such as passwords or banking information by completing a form.
• An email request that contains a spoofed invoice from a trusted employee or contractor requesting a payment or bank transfer.
• An email from a social media company informing you that your account has been compromised and you need to log in to your account urgently. The recipient clicks the button, fills in their account details and gives away their login to the hacker.
• An email from a colleague that requests you to urgently click a link and download a document. The document contains malware or ransomware that compromises your system.

Types of phishing

In general, these types of cyber attacks happen through email. Recipients are sent fake emails that are highly convincing and encourage users to hand over important credentials, download

rogue files, or send money to individuals or organisations. However, these types of attacks can also happen through phone (vishing) and text messages (smishing).

Spear phishing relies on social engineering. These types of phishing attacks appear to come from trusted contacts. A criminal might cleverly spoof an email address for instance by changing just one or two letters or adding a digit to the end of a name. They rely on the fact that many employees or business owners will be too busy to thoroughly vet each email they receive and will click the link in the email or download a file.

Where spear phishing is often sent in a mass campaign to thousands of people, there are times when attacks are more focused. A criminal might take extra effort to tailor a message to a particular individual such as a high-level executive if they believe that the reward may be lucrative.

How to spot phishing websites

The most important starting point in preventing falling prey to phishers is to be aware of how they operate. The reason that these types of attacks work so well is that they can be highly believable upon first impressions. Logos, email headers and email addresses can all be effectively spoofed but upon closer inspection may reveal their true identity.

For instance, if you inspect the email address when opening the email you may find that while the address is highly similar, it is not the same. You might also find that if you hover over the link with your mouse before clicking you can see in the link preview in the bottom right corner of your screen that the address is not familiar to you.

The most revealing aspect of these types of emails is often the content itself. What is the recipient asking you to do – and does it set off alarm bells? For instance, is a contact urgently asking you to log into a specific website, or even send a money transfer? If so, you should contact the person by phone to confirm that the request is legitimate.

Protecting yourself

Despite being aware of the risks and the telltale signs of a malicious attack, there may be times when you or your employees forget to show due diligence or are outwitted by a scammer, and thus fall prey to attacks. To prevent massive breaches of security and financial losses – you need to have a failsafe in place.

An Experienced IT provider can help you to put in place systems that shield your business and your assets in the event of a security breach. For instance, by utilising tools like data backups and virtual systems. This can help you to avoid the downtime, reputational damage and spiralling costs that can accompany a phishing attack.

Here at ECL, we have a track record of successfully managing cybersecurity threats, data loss, and recovery. We provide IT support Services to put your mind at ease and to help you increase your protection against phishing. To learn more, get in touch with our IT experts.