You’ve likely heard the term phishing. It was already one of the most popular types of cyber attack, and it has only increased since the Covid pandemic.
So far in 2022, more than 3.4 billion phishing emails are sent out daily. Almost half of the emails that were sent out in 2021 were phishing emails. A good number of them will land in your inbox or your employees’ inboxes.
The consequences of falling for one can be staggering, which is why it is important to educate yourself and your staff about them. Awareness is key in avoiding phishing attacks.
Read on to find out what phishing is, what some of the common types of attack are, and what you can do to defend yourself and your business.
What is Phishing?
Phishing is a form of social engineering attack. It’s commonly done through email, but attackers also use text messages and phone calls as a medium. An attacker will send out a fraudulent message with the goal of extracting sensitive personal or financial information.
This can be used for monetary gain or to commit identity fraud.
Common types of attacks
Spear phishing is a slightly more targeted approach to phishing. Instead of sending out bulk email to as many people as possible, attackers target a group of people that have something in common, such as the company they work for.
Whaling typically targets individuals higher up on the food chain. As they are highly targeted, whaling attacks will usually address individuals directly. These are often CEOs, CFOs and other decision makers who have access to information and data regular employees may not.
Vishing is when the attacker speaks to you over the phone. They will try to impersonate an individual or entity you would normally trust, to try and extract information out of you.
Pop-up phishing is when attackers attempt to trick you into clicking a pop-up, which leads you to install malware on your computer or call a fake support centre. The pop-up will usually say there is a problem with your computer or a virus on it and that you must act immediately.
How to spot Phishing Emails
We’ve already mentioned that email is the most popular method for attackers to run their campaigns. So how do you recognise a phishing email?
There are a few common tells that will help you decide if you’re faced with a phishing email. Keep an eye out for these, and if you spot them then the email is likely to be a phishing attempt.
- Email comes from a public domain
Public email domains (e.g. gmail.com, outlook.com, yahoo.com) let anyone set up and maintain an account for free. This means scammers and hackers will often choose them to run their campaigns inexpensively.
- Misspelt Domain Name
Sometimes attackers will try to pose as a trusted, known entity, for example Microsoft. To do this they will often use domain names that look similar but on closer examination contain spelling mistakes (e.g. Mircosoft).
- Poorly written or out of context emails
Most phishing emails come from 3rd world countries where English isn’t the first language. Due to this, most phishing emails are written with broken English or lack coherence.
- Suspicious Links or Attachments
Never open links or attachments if you have the slightest doubt about the email source. A lot of criminals will conceal their malicious links behind buttons. You can inspect a link by hovering over it on your desktop.
- Sense of Urgency
Scammers will almost always try to create some form of urgency in their email. This is usually a good giveaway that an email is likely a phishing scam.
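The tells listed above can also be checked mechanically when triaging a reported message. The following is an added example, not part of the original article; the trusted-domain list, the urgency word list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # public domains named in the article
TRUSTED = {"microsoft.com"}  # assumption: brands your staff expect mail from
URGENT = re.compile(r"\b(urgent|immediately|act now|suspended)\b", re.I)  # assumed word list
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)

def base(domain):  # naive registrable domain: last two labels (ignores co.uk-style suffixes)
    return ".".join(domain.lower().split(".")[-2:])

def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (mircosoft/microsoft) as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike(domain):
    """True when the domain is within two edits of a trusted one without being it."""
    return any(base(domain) != good and osa_distance(base(domain), good) <= 2 for good in TRUSTED)

def phishing_tells(raw):
    """Return the article's tells found in one raw, single-part email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body, tells = msg.get_payload(), []
    if sender in FREE_MAIL:
        tells.append("public-domain sender")
    if lookalike(sender):
        tells.append("misspelt domain: " + sender)
    for host, text in LINK.findall(body):
        shown = re.search(r"[\w-]+(\.[\w-]+)+", text)  # a domain displayed as the link text
        if lookalike(host) or (shown and base(shown.group(0)) != base(host)):
            tells.append("suspicious link: " + host.lower())
    if URGENT.search(msg.get("Subject", "") + " " + body):
        tells.append("sense of urgency")
    return tells

# Constructed sample message, not a real email.
SAMPLE = """From: "Microsoft Support" <security@mircosoft.com>
Subject: Urgent: your account will be suspended

<p>Sign in immediately: <a href="http://login.mircosoft.com/verify">www.microsoft.com</a></p>
"""
```

A hit is a reason to look closer rather than a verdict: a message with none of these tells can still be phishing, and legitimate mail can trigger one of them.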
What to do when you get a phishing email
There are several best practices to follow if you suspect you got a phishing email.
- Do not open it – if you see an email from a suspicious domain it’s best not to open it at all.
- Report it – Hackers are always looking for new and creative ways to improve the efficiency of their phishing mail. By reporting it you can help others avoid it too.
- Never click links – Never click any links that appear in the message. These will take you to fraudulent sites that will either ask you for sensitive information or download malware.
- Never download any attachments – Sometimes the phishing emails will contain attachments with malware.
- Delete the email – It’s good practice to just delete a suspicious email altogether. By doing so you avoid accidentally opening it in the future or clicking on something malicious within it.
Phishing Emails are very common within cyberspace. You and your employees will likely come across them frequently. Although their effects can be detrimental to you or your company, they can be easily avoided most of the time.
You can greatly reduce the amount of spam and phishing mail that reaches your inbox by using email clients designed with security in mind. For example, Exchange mailboxes, which are what we use at Globe2, come with Exchange Online Protection, which includes great anti-phishing and anti-spam features and many more.
On top of that, by learning how to identify phishing emails and following good practices, you can make sure your business email is very secure. Despite this, you should still always be prepared for the worst.
This is why it is important that you have an Incident Response Plan in place. The National Cyber Security Centre (NCSC) has some useful tips about detecting incidents quickly and having an incident response plan in place.