How do phishing attacks work and what can you do to avoid them?
The Coronavirus has seen the number of cyber-attacks increase dramatically, with cyber criminals taking advantage of people working from home without security measures in place. And as many businesses are thinking about moving to a more permanent remote or flexible working model, the cybersecurity risks that come with it need to be addressed.
Reports suggest email phishing attacks have risen by as much as 667% since lockdown began, so it’s vital that people know how to spot scam emails to prevent any disruption to business.
What is phishing?
Phishing is when a scammer sends an email that looks as though it has come from a legitimate source, with the aim of distributing malware or stealing login credentials or money from victims.
Right now, you might see email subject lines that include ‘Coronavirus updates’ or ‘2020 Coronavirus updates’, but phishing does not have to be Covid-19 related. Recently, hackers have impersonated the World Health Organisation, Zoom and Microsoft Teams, and the emails look very convincing.
How can you prevent phishing attacks?
- Be wary of emails containing links
If you receive something like this, it’s important to go back to basics: don’t click on a URL if you do not recognise the source. Phishing attacks often use shortened links to trick the recipient into clicking – these go to fake lookalike sites, so always place your cursor over the link to see the full web address before clicking. Also be wary if the email tries to create a sense of urgency by insisting that you must click its link now. And if the content seems too good to be true, then it probably is.
- Train your team to spot a phishing attack
As soon as you can, you should train your team in the basics of how to recognise and avoid phishing attacks. This includes never replying to a suspicious message or downloading its attachments, and never trusting an email that asks for personal, financial or other sensitive information. Always look for typos, as phishing emails quite often contain misspelled words, and check the sender’s address – if you don’t recognise it, be wary that it could be an attack.
- Filter your emails
A good first line of defence is spam filters – this is a standard security tool, but very effective. Threat protection software such as Mimecast acts as a gateway to your email account by scanning emails before they reach your inbox, looking for things that suggest an email may be fraudulent. Suspicious messages can be blocked, bounced or tagged with a warning before being sent on to you.
- Enter your data in secure websites only
Make sure you read a full URL before entering personal information. In order for a site to be ‘safe’, it must begin with ‘https://’. The ‘S’ confirms it is a secure site and your browser should show an icon of a closed lock – Google Chrome marks ‘http://’ sites as “Not secure.” You should never log into a website that doesn’t use ‘https://’.
- Keep up to date on the latest phishing techniques
New phishing scams are frequently being developed, so ongoing awareness training is highly recommended. Spear-phishing is an advanced kind of attack, involving someone impersonating a trusted sender, like someone you know. They will often ask for account information, or for you to make a payment. This can be hugely effective, as you often won’t suspect a trusted contact or a company you’ve worked with to be a hacker.
If you’ve already clicked on or opened a suspicious email, don’t panic. If you’re using a work phone or laptop, contact your IT department and let them know. Open your antivirus software and run a full scan to clean up any problems it may find. If you’ve provided a password, change the password on accounts that use the same one – email accounts, social media, your computer, everything. The quicker you can stop hackers from getting in, the better.
At Aura Technology we can help with implementing cybersecurity measures and our business continuity solution involves a bespoke disaster recovery plan should you be affected by Covid-19 related phishing attacks. Contact us for more information.