How to Prevent Phishing Attacks
Did you know that the majority of major data breaches are due to phishing attacks?
According to a report from SlashNext they found more than 255 million phishing attacks over six months in 2022, which is a 61% increase in the rate of attacks compared to 2021.
Phishing is used by criminals to obtain personal information. Phishing can take many forms, but the most common type is email phishing.
Learn how to prevent phishing attacks by looking at our handy infographic and feel free to share it with your colleagues.
How to Spot a Phishing Email
Phishing emails are sent by rogues posing as trusted senders for the purpose of obtaining sensitive information or installing malware on the user’s device. Most phishing attacks are aiming to steal confidential information such as financial data, but they can also be the starting point of a Ransomware attack.
Let’s have a look at the structure of a phishing email by carefully scrutinising each section.
The To Field
Check if you are the only recipient. The email will often target multiple users at a time with ‘undisclosed recipients’ displayed in the to field. This indicates that the email is part of a larger campaign. Or they may be recipients listed in the Cc field. Do you recognise any of them?
The From Field
Who is the sender? Have you received emails from them before?
If you are familiar with the address check for spelling errors, for example Microsoft spelt with double s – Microssoft.
Does the email domain name match the name in the from field? For example, the email claims to be from Microsoft but the email domain it is sent from is iCloud.
If you have a relationship with the business sending the email and you are not sure about the content then communicate with them by phone to check the email is legitimate.
The Subject Field
What is the subject of the email? Phishing email subject lines usually prompt urgent action, or they may contain threatening language like ‘your account will be disabled if you don’t take immediate action.’
The subject line will often contain ‘RE:’ at the start pretending to respond to one of your emails.
Date & Time
What is the date and time that the email was sent? Was it sent during the week or over the weekend? If the time is outside standard business hours could the sender be in a different time zone? Look for unusual patterns.
Email Content
Check the content carefully. There are always plenty of clues as to the legitimacy of an email. How does it address you? A generic salutation such as Dear Valued Customer is a bit of a giveaway.
If there are multiple spelling and grammar errors this raises suspicions.
Are the words used urgent and threatening? Common words included in phishing emails include urgent, critical, important, verification required, and action required.
Example of a Phishing Email
Links and Attachments
Be wary of all links and attachments from unknown senders and from senders that might look legitimate, but you are not expecting an email from them e.g. an invoice for a hosting service.
Does the email ask you to click a link to update your information?
Short URL’s such as Bitly or TinyURL should always be treated with caution.
A link may look like a legitimate website, but the URL may use a variation in spelling, a hyphen might be included such as pay-pal or a different domain might be used (.co.uk becomes .uk).
Are you expecting to be sent attachments from the sender? Do they ask you to urgently open documents, usually invoices, in Word or Excel? Be very careful as these documents might contain malware.
There is no Silver Bullet
Unfortunately, there is no silver bullet. It's up to everyone to remain vigilant and watch out for suspicious emails.
• Be careful of links and attachments.
• Improve awareness through regular training.
• Use strong passwords and/or use a password manager.
• Use two factor authentication (2FA).
• Use encryption to protect information.
It’s not possible to eliminate all the risks from email phishing attacks completely. But taking the steps outlined above will significantly reduce the chances of your business becoming a victim of cyber-crime.
If you would like us to help you with consultancy or training your staff in cyber security awareness, please get in touch with us today and we can tailor a solution to fit your unique needs.