Phishing attacks are constantly on the rise, and the way in which these scams are carried out is constantly evolving. They can come in the form of phone calls, emails, text messages or even social media posts or messages. They’re all designed for the same purpose though – to trick you into giving up personal or financial information.
In the 2021 Cyber Security Breaches Survey phishing attacks were identified as the most disruptive form of cyberattack for UK businesses. 83% of businesses who have identified a breach or attempted attack report experiencing phishing attacks at least once a week.
No matter how small a breach may seem, they inevitably cause disruption. Staff may be unable to work, data may be lost, stolen or damaged, or online services may be inaccessible to customers.
One of the best ways you can protect yourself and your business is to ensure you, and all of your staff, know what to look out for when identifying an attempted phishing attack.
It used to be easier to spot scams. They may come from an unusual email address, feature images or designs that appear slightly off, or contain grammatical or spelling errors. However, some scams are now convincing enough to fool even the experts.
The National Cyber Security Agency has these resources for reporting cyberattacks, along with advice on what you should do if you have been duped into giving up sensitive information.
So, how do you spot a phishing scam?
- Scams That Steal Your Information
Many online scams, whether over email, social media, or text message, will usually try to send you to a website where you need to enter your login credentials. These can appear to come from several sources, common ones include emails or text messages that appear to have come from:
- Microsoft
- Amazon
- Courier companies
- Government departments
- Banks
The website you will be presented with when clicking on a link will look convincing, but when you enter your login information there is usually a small program running in the background commonly referred to as a keylogger. This software tracks the keys that you enter, leaving your usernames and passwords vulnerable to cybercriminals.
The best thing to do if you receive an email like this is to go directly to the website the email appears to have come from. Do not click on any links or call any numbers in the email. Always remember that you will never be asked to provide personal information over email.
- Scams That Install Malware on Your System
Some cyberattacks are carried out by sending an email with an attachment. If you don’t recognise the email address and aren’t expecting anyone to send you an attachment, then the best practice is to simply delete the email. You should always avoid opening attachments unless you are 100% sure of the sender’s identity. While the attachment may look harmless, once opened it can quietly install malware without you knowing. If you’re unsure contact the person the email appears to be from directly.
If an email asks you to click a link – for example, HMRC or Microsoft – open a web browser and navigate to the official website directly, rather than clicking on the link.
Along with educating all users, to protect yourself from cyberattacks, you should also practice good password hygiene and ensure you have robust email security in place.