How to spot a phishing attack on your business


The cost-of-living crisis this year has devastated many individuals and businesses across the UK. Unfortunately, such desperate times leave people vulnerable to cyber-attacks and open an opportunity for scammers to prey on these vulnerabilities.

For businesses, it is important to be aware of potential threats and educate your employees on how to spot them.


What is phishing?

Phishing is where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information or to deploy malicious software on the victim’s device.

It is designed to appear as though it comes from a legitimate source. If this type of malware makes its way onto business devices or computer systems, it can significantly slow down programs or create viruses, which then affects the performance and productivity of your employees.

The types of phishing attack

Currently, the cost-of-living crisis is the focus of many attacks. These can arrive via email, SMS, WhatsApp, or telephone, the most common channels for cyber-attacks.

There have been emails circulating pretending to be ‘Ofgem’, the energy and gas regulator for the UK. These claim to be offering energy rebates for the coming winter to help customers save money.

Similarly, there have been many text messages from different numbers sending a false link to claim money back on bills, forcing victims to part with card details and personal information. Quite frequently, scammers will ask you to part with your personal email address, leading to re-targeting in the future.

How can you be aware of these attacks?

  1. Advise your staff on how to spot a phishing attack

You can train your employees to spot these types of attacks, so that no malware is downloaded onto company devices and no personal details are given away. If an email looks suspicious, first check the sender’s email address.

If it is one that you don’t recognise, or it does not end with the organisation’s official website address, it is likely to be a scam. You can also check for poor grammar, typos, or low-quality images, as these are typical of phishing attacks. Additionally, never download attachments or click on links that you are unsure about, as these may cause harm.

  2. Visit the organisation’s official website

If an email or communication claims to be from a specific organisation, visit their website. The Department for Work and Pensions confirmed on Twitter that the Government will never ask for personal details over email or SMS, in a bid to combat the effects of scammers across the UK.

It is worth visiting their website or social media pages for guidance on how to contact them, so that you don’t fall victim to phishing attacks in the future. Ofgem published a guide to help the public with scammers, in light of recent attacks.

  3. Call “159” if you are unsure

159 was launched last year: a short, easy number that will connect you to your bank directly if you receive a phone call about a financial matter. Their strapline is: “Stop, Hang Up, CALL 159”. If you are unsure whether a communication about your bank or personal details is a scam, this hotline will help clear up confusion before you part with any information.

If you click a suspicious link or open a fraudulent email, it’s also a good idea to contact your IT provider.
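The sender-address check from the first tip above, as an added example that is not part of the original article: it tests whether the domain in a From line really ends with the organisation's official domain, and flags addresses that only contain or imitate the name. The function name, the result labels and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr


def check_sender(from_header: str, official_domain: str) -> str:
    """Classify a From line against an organisation's official domain.

    Returns "match", "lookalike" or "mismatch" (labels are this example's own).
    """
    official = official_domain.lower().strip(".")
    _display_name, address = parseaddr(from_header)
    _local, at, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "mismatch"  # no usable address at all

    # Genuine shape: the domain IS the official one, or a subdomain of it.
    # The leading dot matters: "notofgem.gov.uk" must not pass.
    if domain == official or domain.endswith("." + official):
        return "match"

    # The organisation's name shows up in the display name or somewhere in
    # the address, but the domain does not END with the official domain.
    brand = official.split(".")[0]
    if brand in from_header.lower():
        return "lookalike"
    return "mismatch"


# Constructed sample From lines (not taken from real messages).
SAMPLES = [
    "Ofgem <updates@ofgem.gov.uk>",
    "Ofgem Rebates <rebates@ofgem.gov.uk.claims-portal.example>",
    "Ofgem <support@energy-refunds.example>",
    "info@notofgem.gov.uk",
    "newsletter@shop.example",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{check_sender(line, 'ofgem.gov.uk'):<10} {line}")
```

A "match" only means the address has the right shape; the From line can be forged, so the other checks in this list still apply.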

As phishing attacks rise, it is important that your business has a secure backup and disaster recovery system in place, should an attack occur. Here at Aura Technology, we provide business continuity and cybersecurity measures to help you recover, should something go wrong. Contact us for more information.