Cybercrime is on the rise – and at 83%, phishing is easily the most prominent method in 2022.
Over the last twelve months, 39% of UK businesses have identified a cyberattack – with nearly a third of those businesses estimating one attack a week.
Now, as technology advances, cybercrime is becoming more and more sophisticated – and at work, we’re more than likely to have our attention divided between many priorities at once, meaning that we’re generally not as alert as we could be. However, the more phishing attacks succeed, the more common they will become – meaning that it’s up to us to be more vigilant.
What is phishing?
Phishing is when a cyber-criminal sends a fraudulent message to a person – usually with the intent of directing them to a phony web domain where they will enter sensitive information, or of deploying malware on their device through an attachment. This would be distressing enough on a personal level, but for a company, phishing can be devastating to any other devices connected to the shared network, can cripple IT infrastructure, and can hamstring your company’s ability to comply with GDPR.
Phishing commonly takes the form of an email, but it can also extend to texts and to instant messaging platforms like Facebook Messenger and WhatsApp.
Absolutely anyone in an organisation can be a target for phishing – a new method, whaling, is when a cyber-criminal pretends to be a CEO, or another member of upper management – usually instructing a manager to quickly send funds to an emergency account. Because this instruction seems to come from a superior, a lot of managers don’t think twice about making the transfer until it’s too late.
So, what can we do to combat this? If you’re ever in doubt about an unsolicited email – even if it looks like it’s come from a legitimate company – before clicking an email link or opening the attachment, it’s imperative that you take a minute to slow down and examine the email first.
It’s also important to note that if you suspect an email to be a phishing attempt, don’t just delete it – always notify your IT department, to enable them to help your colleagues as well.
Tell-tale signs of a scam
Unexpected requests for sensitive information, especially relating to money, should always be a red flag – and they are usually dressed up to look like an urgent matter, such as an expired subscription or unusual activity on your account, which will require your username, password, and bank details to resolve. As a general rule, you’re better off contacting the company in question directly and verifying this with them, then notifying IT.
It’s also important to keep in mind that some viruses are able to access someone’s contact list and send scam emails that appear to come from their account. Since the email address belongs to a known person, it’s difficult for security systems to filter these emails – and this is particularly dangerous when the email shares a link that, if clicked, could potentially give the attacker access to your company’s email credentials as well.
Therefore, if a third-party email is asking to be provided with your email credentials – even if it’s from a sender you trust at first glance – take the time to really examine the email address before you reply.
Is it an address you recognise, or is it just a string of random letters and numbers? If it is the latter, you’re better off notifying IT. Is the company domain one you recognise? If it seems right, but the sender is unfamiliar, it may be worth separately contacting a different trusted contact within the same business – on a trusted number or email address – to check that the sender’s identity is legit.
Lastly, always be on the lookout for spelling mistakes – especially in email addresses. Bad spelling and grammar are a classic tell-tale sign of a scam. If you’re not confident in your own literacy skills, try reading the sentence aloud to see if it sounds right to you when spoken.
Ultimately, if you’re still not sure about how to proceed, ask a member of your IT department to look at the email with you. Even if doing so seems like a waste of time, it’s worth doing – after all, it’s better to be safe than sorry.