Phishing is one of the most common forms of cyber crime, with around 40% of UK organisations receiving phishing attacks daily. Unfortunately, it remains a highly successful tactic for cyber criminals.
To stop your organisation from becoming a victim, Akita has put together the following guide on how employees can negate common
- Approach emails labelled “urgent” with caution – Many people fail to scrutinise details when they’re in a hurry, so pressure is a common tactic used by cyber criminals. Take a minute to assess whether the request is likely and, if so, find a secondary confirmation method.
- Remember to check email addresses – Scam emails often come from addresses that do not correspond to the sender’s name, or that use suspect domain names (e.g. Barclaysbanking.net rather than Barclays.co.uk).
- Be wary of attachments and only open files you expect to receive – Attachments may look like harmless files. But many will contain macros and code designed to deliver. Organisations should have an attachment scanner as part of their anti-virus software; if they don’t, it’s time to upgrade.
- Be suspicious of emails full of spelling and grammar errors – Legitimate companies tend to proofread their communications thoroughly. Oddly phrased greeting lines are another common indicator.
- Avoid clicking links straightaway – Links could trigger an automatic malware download. Hover your mouse over the link and your email client will show you where that link points. Only click if it’s a location you trust.
- Remember that even legitimate email addresses can be hacked – Known as business email compromise, the takeover of accounts. So, use common sense before responding to an email, even if you think you know who sent it.
- Never hand over private or sensitive information via email – Even if you think you know who the data is going to, there’s no guarantee where it will end up. The easiest defence is not to share
- Verify any request for a change in payment details in person or by phone – Invoice cloning is a common fraud tactic. So, if bank details have changed on a payment request, be sure to double-check it’s genuine. And don’t necessarily trust the phone number given on the email or payment request; many scams are sophisticated enough to have this covered too.
- Approach sales enquiries with caution – This tactic doesn’t target you, but your customers. Much like invoice cloning, requests for quotes might simply be an attempt to get your quote/invoice stationery. Bank details are then changed and sent out to anyone who might pay it.
- Remember that phishing is not just conducted via email – Smishing (SMS phishing) and fraudulent messages on chat systems such as Slack or Teams are increasing in prevalence.
Think your organisation needs to be better aware of phishing tactics? Discover more about our cyber security training that encompasses practical testing of user awareness.