If you have an email address, then at some stage you will have received a fraudulent email trying to steal your personal information. It’s known as phishing and happens when a cybercriminal pretends to be someone else in order to persuade you to part with sensitive information, such as bank details, credit card numbers, passwords, or log-in details. It might sound like it’s easy to avoid, but most of the time, the email is formatted in a way that makes it appear to come from a source you can trust.
If you’re running a business, a phishing scam can threaten your entire operation. Every member of your staff with access to a company email address is a potential risk, greatly increasing the chances of a security breach. So, it’s vital that you take steps to protect your business. Here are some ways you can do that.
Know what to look for
We’ve all seen the obvious phishing attempts. These are the ones that typically end up in your junk mail box, such as a message from a prince of a small African country promising a large sum of money in return for a favour. But some are much less obvious, using advanced techniques that can mimic the branding or website of the organisation they appear to come from.
Certainly, if an email promises too much, this is a sign that all may not be right. These phishing attempts could include a tax refund, an interest-free loan, or a free product from a supplier – all in an attempt to make you part with your bank details, log-in details or account information. If it sounds too good to be true, then it probably is.
Look out for suspicious attachments too. Most genuine organisations won’t send emails with unspecified attachments, especially .zip files. Once opened, these can release a virus that could infect your computer, record your keystrokes or steal personal data.
Other tell-tale signs include spelling mistakes/typos, a strange tone of voice, a sense of urgency or the threat of a penalty if you don’t respond.
Check the URL
If you are suspicious, but not entirely sure, it’s a good idea to check the origin of the email or the site where you’re being directed. If you hover over the link, you will see the actual URL, which will allow you to see if it’s a randomly generated URL. Sometimes the address will be shortened, such as http://bit.ly/xxxxx/. In this case, you can check whether it’s genuine by going to https://checkshorturl.com/.
If you right-click on the address, you can also copy it to your clipboard and use tools such as Google’s Safe Browsing Tool to check if it’s genuine or safe to visit. Some antivirus/firewall products may have features that can help with this too.
Still wary about visiting the link? Try googling the site the link claims to lead to instead of following the URL. That way, you can check that the link isn’t a fraudulent mirror image of the actual site.
Protect your company email
The big problem with email is that it’s a completely open system. In practice, anybody can email anybody else – as long as they have a bona fide email address. One way of getting round this at work is by using an internal messaging service for communication between colleagues in your business.
However, it’s equally important to raise awareness of phishing. Train your staff to identify, avoid and report phishing scams. After all, everyone with access to email is a security risk and could become a victim, exposing your company’s sensitive data and financial details.
Finally, ensure your company uses a reputable, up-to-date antivirus and firewall system, ideally with anti-phishing capabilities. If your employees use email at home or on other personal devices, either ensure these devices are protected by the same system, or only allow business email to be conducted on authorised work devices.
Phishing is on the rise and cybercriminals are using ever more sophisticated technology to scam people into giving out sensitive data. Take these simple steps and you can greatly reduce the chance of a phishing scam affecting your business.