Don’t Take the Bait – Stay Safe from Phishing Scams

Is your company at risk of falling foul to phishing scams?

The news today is saturated with stories about COVID-19. In turn, this has led to a massive increase in phishing attacks designed to exploit people’s fears and react in a knee-jerk manner.

Like many of us in isolation who are complying to social distancing, the criminals involved now have significantly more time on their hands; with this, they can now begin to exploit information bought months ago from hacks on websites and corporations. This may include your:

  • Username
  • Email address
  • Street address
  • Password
  • All of the above

You may not even know that this information has been stolen in the past and it is only now coming to light as it is used in further phishing attacks. So, we’ve penned this article to help you spot and avoid taking the bait!

How can you spot a phishing email?

A few common themes:

When connected with Covid-19, phishing emails have so far tended to take the form of WHO alerts – maybe falsely claiming to link to a list of Coronavirus cases in your area.

Additionally, we are seeing more Health Alert emails coming through with experts from China offering links to download Safety Measures. This may also come in the form of SoAndSoCompany is taking precautions in the event of the virus outbreak and click here to view their policy.

These kinds of emails try to get a download going of malicious software in order to gain access to your machine or ask you to enter your email logins to gain access to systems under your control.

Always remember that if you are not expecting an email from that person. check whether it has actually come from them.

Look a little closer:

However, some attacks are slightly less easy to spot…

There are instances when more sophisticated emails may be more convincing than your usual attack. They may come from companies you have been dealing with – citing the correct information, the correct person involved and even certain information that might look logical. All except a phone number at the bottom.

We have now seen 3 cases of the phone number for a company being changed and asking to call a London number. This is the hacker’s attempt at trying to get you to pass over information over the phone.

Scaremongering:

The most concerning phishing attack we are seeing are emails threatening to post personal information or false information to family, colleagues and friends unless they are paid within 24 hours.

Not all, but most, of these “Scare” emails are working on you being worried enough to just do as they ask without checking the language carefully and when you do check the language in the mail you find it is more a generic email rather than pointed to you.

Not taking the bait:

Phishing attacks are a real concern in a personal and professional manner. But how should you address this?

Here are a few tips for recognising and avoiding phishing emails:

  • The email messages usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud against you now or in the future.
  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
  • Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email immediately. An example is the use of @san-its.co.uk not @san-it.co.uk
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.

Knowledge is key:

If you are concerned about your staff taking the bait of the latest phishing attacks, we recommend contacting them as soon as possible. This is a real concern, so it’s worth opening up the conversation as many attacks are easily avoidable.

If you have any further questions, you can also contact us.