Detect and protect against phishing: Cyber Security Awareness Month 2021
11th October 2021
With week two of Cyber Security Awareness Month 2021 underway, we’re taking a closer look at phishing attacks and scams, which have thrived since the pandemic began back in March 2020.
As we covered in our previous blog, remote working has exposed a huge cyber security weakness for many organisations, with employees’ unsecured personal devices posing a particular risk.
Phishing is in no way a new threat to businesses. It has existed for many years and yet still continues to be one of the most popular types of scam employed by cyber criminals. For those unfamiliar with the term, phishing scams commonly involve sending fraudulent emails, or directing victims to fraudulent websites, in order to obtain logins or other sensitive information. Looking at recent statistics, UK Government figures show that phishing was by far the most common form of attack faced by businesses over the last year, with 83% of businesses and 79% of charities experiencing a phishing scam. During 2021, a number of phishing scams have become widespread and even garnered media attention, such as the rise in Royal Mail-related SMS phishing scams.
How to protect against phishing
With phishing attacks so prevalent and some being incredibly convincing on the surface, what can businesses do to protect themselves? Educating their staff about how to spot these phishing scams is vital, as is promoting vigilance. With this in mind, here are some top tips about how to identify phishing scams:
- Don’t fall for ‘urgent’ emails – these typically use scare tactics to trick victims into taking immediate action.
- Never click links or download attachments from an unexpected email or text.
- If you receive a suspicious email from an official organisation, report this to the organisation via their website.
- If you are prompted to make a payment or charity donation, type the organisation’s web address into your browser rather than following an email link.
- Hover but don’t click on email links – if the link address that appears does not match the display text or appears strange, do not click.
- Check your accounts regularly to ensure no changes have been made without your knowledge; this will make spotting phishing attacks easier.
Friendly spear phishing
One specific form of phishing attack that has become more popular in recent years with the rise of social media is friendly spear phishing. In these phishing attacks, a specific individual is identified (typically via social media) and then targeted by cybercriminals. In these attacks, criminals often use fake or hijacked social media accounts to engage in friendly conversations with victims, as a way of lowering their guard. Once they believe that trust has been established, the scammer will send a Microsoft Word document and ask the victim to review it and advise. Upon opening the document, the victim will be prompted to enable macros; if they do, their system will download and install dangerous malware. In order to protect against this sophisticated phishing scam, here are some things that you can do:
- If an individual you’re talking to sends you files to download, consider if they seem out of character. Are they using the same language and grammar as usual, or does something seem off?
- Before enabling macros for a file, contact the sender via phone or text to verify who created the file, what it contains and why you need to enable macros.
Educating staff about how to detect phishing scams is one of the best lines of defence available to organisations, along with promoting vigilance and easy-to-follow guidelines. But unfortunately there is always a chance that a phishing attack will be successful, infiltrating an employee’s device or compromising a business’s website. In these instances, it’s vital that businesses have protection, which is where our CyberSafe solution can help. Our product provides businesses with a simple, robust solution for cyber liabilities and cybercrime, and includes restorative support from ReSecure.
For more information about CyberSafe Insurance or our e-trade solution, contact your NMU Development underwriter or our cyber team.