Protect Your Business From Phishing Scams

Written By Billie Brown-Wahanui

Phishing is one of the most prevalent cyber threats facing businesses today. Thousands of New Zealanders and organisations included have had experience with phishing scams. Phishing is a scam where someone pretends to be someone/something to gain sensitive information from you.

Most phishing attacks are perpetrated via email, although some use social media, text messages, and phone calls. A majority of malware infections get delivered through phishing emails. But regardless of the channel used, the phisher’s goal is to make the communication seem genuine and unquestionable. This usually means taking on false but convincing personas such as a fellow employee, customer, IT expert, manager, celebrity, insurer, and so on.

A phishing email will ask you to click a link and enter personal information, open an attachment in the email, or buy a gift card or voucher.

How to spot the difference between real and fake emails:

To identify phishing scams, you need first to understand how social engineering works. Social attacks don’t prey on just the gullibility of their victims. They also take advantage of easy-to-provoke human emotions such as worry, greed, anxiety, joy, anger, and even grief. 

Phishers are crafty, but you can still see through deception if you are keen-eyed enough and know what to look for.

  • Unknown sender, sometimes with a vague identity

    Off-brand tone

  • Inconsistencies in the sender’s branding, identity, email address, or domain names

  • Unusual requests, such as downloading a file, installing a program, providing credentials, logging in through the link provided, or forwarding the email

  • Generic salutations, such as “dear customer”

  • A sense of intense urgency

  • Shortened link leading to a suspicious login or download page

  • Brief message lacking helpful or detailed information

  • Poorly written text, often with grammatical and spelling errors

  • Suspicious attachments (strange file types, thumbnails, and file names)

  • Bonkers claims such as winning rewards and account suspensions

  • Bold threats for not complying with the request

How to protect your business against phishing attacks:

The most effective defence against phishing attacks is quickly training employees to recognize and respond appropriately to phishing advances. No matter how compelling, personalized, or well-crafted a phishing email gets, it always has a tell. This tell could be the unidentifiable sender, the unusual URL, the odd request, the timing, or the message’s tone. Teach your employees to spot even the most subtle red flags and report suspicious emails to the security team

In addition to phishing awareness training, urge all staff members not to click on links or attachments from unknown senders or give in to any demands for sensitive information. Also, keep in mind that the human element accounts for the majority of data breach incidents. So, take a holistic employee training approach that covers all possible threats facing your organization, not just phishing. A good grasp of the cyber threat landscape fully prepares your organization for whatever cybercriminals can throw its way.

There is also a variety of tools you can use to boost your protection against cyber criminals. If you want to learn more about how to improve your cybersecurity practices feel free to contact us or check out our information on the Essential 8 cybersecurity framework.

Have you been sent a phishing email? What next?

Delete the email. Also, report it as spam or block it first so you won’t receive emails from that sender again. If you haven’t clicked anything in the email your information is safe.

If you have clicked something/provided information:

  • Contact the service provider of any account that may be at risk

  • Change the account password - including accounts that use the same password. Turn on two-factor authentication.

Remember:

Phishing is not a threat to take lightly. Luckily, you can quickly mitigate most social engineering risks with the proper knowledge, expertise, and tools. You only need a high level of threat awareness and preparedness, a robust security infrastructure, and everyone pulling in the same direction. 

However, managing cybersecurity can be challenging and confusing, especially when you don’t know where to start. But don’t worry, you can count on us to do all the heavy lifting on your behalf. Don’t hesitate to contact us if you need expert assistance in reinforcing your cybersecurity defences.

Knowledge is power and one of the most effective tools against social engineering scams. The more you know, the less likely cybersecurity attacks are to successfully infiltrate your organisation.

Billie Brown-Wahanui
Previous

Business Continuity Checklist
Next

Small Holes Sink Big Ships - Business Continuity