Phishing Attacks – What Are They and How Can You Avoid Them?

Phishing attacks can be catastrophic for the reputation of a business. Unfortunately, they are becoming a regular occurrence for businesses in the UK and across the world.

Here at CAB IT Services we are experts in Cyber Security. In this article we will go through how to spot a phishing attack, how to prevent one and what to do should you fall victim to an attack.

What is a Phishing Attack?

Phishing attacks are where hackers try to gain access to a system or shut it down by tricking users into ‘performing’ the attack on themselves.

The term phishing usually refers to email scams, where the user will receive an email asking them to check out a link and perform an action, like filling in a form or logging in to check a transaction. However, when they click on this link, malware will be installed onto their device.

In recent years, these attacks have moved into texting, social media, and phone calls.

What is the Purpose of a Phishing Attack?

The purpose of a phishing attack will vary depending on what the hackers are after. For some, they want to cause disruption and may take your computer systems offline; for others, their motives may be more sinister, and they may hold confidential information to ransom unless a fee is paid for its release.

How Do You Spot a Phishing Attack?

There are several ways that you can spot a possible phishing attack. Here are some top tips.

  1. An unknown sender – if you do not know the sender then it is best practice to proceed with caution with all attachments and links in their email.
  2. Strange/unusual context – is what they are asking you to do out of the ordinary? Would this person usually be sending you a link to something like this? If not, don’t click; you can always check with them to see if they really did send it.
  3. Check the email – see if the email address is from that organisation. Someone from HMRC will not be emailing you from a Hotmail account.
  4. Check for spelling mistakes – scammers often make spelling mistakes (though we are all human and this isn’t always a tell-tale sign). If the email does not look its best and is poorly written, do not click on any links.
  5. Get someone else’s opinion – a little help can go a long way; if it looks suspicious to them as well, then do not click on any of the links.

If you are ever in doubt of an email, text or phone call from a company, get in contact with them separately and they will be able to let you know if the contact was genuine or not.

If you do spot a phishing attack, you should just delete it or hang up. If it claims to be from a large business, look into reporting it on their company website by searching for the ‘business name’ + report phishing scam, to see whether they have a reporting page on their website. This can help prevent others falling victim to the same scam.
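The tips above can be turned into a first-pass triage check that a help desk or mailbox rule could run over a reported message. The script below is an added example and not code from CAB IT Services: it applies tip 1 (unknown sender), tip 3 (an organisation’s name in the display name but a consumer mail domain such as Hotmail behind it) and, going one step beyond the list, flags a link whose visible text shows one website while its destination points somewhere else. The address book, free-mail domain list and both sample messages are constructed for the example; the `.example` domains are placeholders.

```python
"""Triage heuristics for a reported email (defender-side example, constructed data)."""
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed address book of senders the organisation already knows (constructed)
KNOWN_SENDERS = {"accounts@partner.example"}

# Consumer mail providers an organisation like HMRC would not email you from
FREEMAIL_DOMAINS = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}

# Constructed sample messages: the From header and the (visible text, destination)
# pairs of each link, as a mail client would extract them from the HTML body.
SAMPLE_MESSAGES = {
    "refund": {
        "from": "HMRC Refunds <hmrc.refunds@hotmail.com>",
        "links": [("www.gov.uk/claim-tax-refund", "http://hmrc-refund.example/claim")],
    },
    "invoice": {
        "from": "Accounts <accounts@partner.example>",
        "links": [("Click here to view the invoice", "https://portal.partner.example/inv/123")],
    },
}


def sender_domain(from_header):
    """Return the lowercase domain of the address in a From header ("" if none)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def shown_host(anchor_text):
    """Hostname the link text appears to show, or None if the text is not a URL."""
    text = anchor_text.strip()
    if "://" not in text and not text.startswith("www."):
        return None
    if "://" not in text:
        text = "https://" + text
    return (urlparse(text).hostname or "").lower()


def triage(msg):
    """Return the reasons a message looks suspicious; an empty list means no flags."""
    reasons = []
    name, addr = parseaddr(msg["from"])
    domain = sender_domain(msg["from"])

    # Tip 1: an unknown sender means attachments and links need extra caution
    if addr.lower() not in KNOWN_SENDERS:
        reasons.append(f"unknown sender {addr}")

    # Tip 3: an organisation in the display name but a consumer mail domain behind it
    if name and domain in FREEMAIL_DOMAINS:
        reasons.append(f"'{name}' is sending from consumer mail domain {domain}")

    # Link text that shows one site while the destination is another
    for text, href in msg["links"]:
        shown = shown_host(text)
        actual = (urlparse(href).hostname or "").lower()
        if shown and shown != actual:
            reasons.append(f"link shows {shown} but goes to {actual}")
    return reasons


if __name__ == "__main__":
    for label, msg in SAMPLE_MESSAGES.items():
        flags = triage(msg)
        verdict = "SUSPICIOUS" if flags else "no flags"
        print(f"{label}: {verdict}")
        for reason in flags:
            print(f"  - {reason}")
```

A clean result from `triage` is not proof that a message is genuine; it only tells you that none of these simple checks fired. A flagged message is a prompt to contact the supposed sender through a separately obtained phone number or website rather than through anything in the email itself.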

How Can You Prevent a Phishing Attack?

You cannot guarantee complete protection against a phishing attack, but there are several things you can do to protect your business and your data.

  1. Improve the spam filters on your email – email providers like Outlook and Google give email addresses ‘sending reputations’ (measuring an email’s readability, level of spam and engagement). By tightening your spam filters so that only senders with a high reputation reach your inbox, you will receive fewer phishing emails.
  2. Run on the ‘Principle of Least Privilege’ – this is where users in the organisation only have the authorisations absolutely necessary to complete their work. Similarly, there is no personal admin account: any admin activity is done on a separate ‘admin’ account that is not used for checking emails or casually surfing the web. This reduces the likelihood that anyone who succeeds with a phishing attack will gain access to all systems and information. It also makes it easier to change all logins and credentials if the admin login is kept separate.
  3. Set up two-factor authentication – this is where a user has to enter a random code when logging in. Without this code, they will not be able to access the information.
  4. Report and share all suspected attacks – this can help to inform and educate your team about phishing emails and will encourage a culture of sharing which will help resolve incidents more quickly.
  5. Check what information is publicly accessible – do all company emails need to be available on the website? Publishing them allows hackers to send more phishing emails with a greater chance of success. By using generic email accounts like contact/info/help@email.com instead, hackers will have less opportunity to get into your system.
  6. Hire a cyber security firm to conduct an audit of your company – this will allow you to understand your weak points and create a plan to improve them before an attack can occur. Our team at CAB IT Services can help here. We offer cyber security awareness training for employees that is enjoyable, engaging, and effective. Find out more today.

What to Do if You Think You Have Been the Victim of a Phishing Attack

First, don’t panic. These are some steps you can follow to minimise the damage:

  1. Disconnect your device – if you think you have just fallen victim to a phishing attack, take your computer off the network: disconnect the Wi-Fi or unplug the internet cable. If it is not connected to anything, there is less chance of the malware spreading to other devices. This also prevents anyone from remotely accessing the device.
  2. Make a backup of all your important files – you can do this through an external hard drive. This is more effective if you do this regularly in case of an attack.
  3. Change your logins for accounts – change all the passwords and usernames that you have stored on the device.
  4. Alert any financial institutions of the attack – they can then place a fraud notice on your account. Should any suspicious activity occur, they can freeze the transactions and check with you that the purchases are genuine.
  5. Report the attack – firstly to the authorities; they may ask for a copy of the email to investigate further. You should also alert the organisation the email was supposedly from, as many businesses want to prevent these scams happening to their customers in the future.
  6. Contact an IT specialist to help assess and recover – for any business, a data breach can be a serious incident, and if you are not tech savvy, understanding what to do next can be confusing and daunting – but we’re here to help!

How CAB IT Services Can Help Keep Your Business’ Information Safe and Secure

Keeping data safe and secure is a legal requirement for all businesses. At CAB IT Services we offer a range of digital services from IT support to cyber security to help keep your business and your information safe and secure. With over 100 years of combined experience, our team can help your business stay protected 24 hours a day, 7 days a week, 365 days a year.
