PROTECT AGAINST PHISHING ATTACKS
Due to their simplicity and effectiveness, phishing emails are one of the easiest and most common forms of cyber-attack that scammers can use as they target the weakest link in the security chain – the user. We're here to help explain what phishing is and how you can protect your business from malicious and damaging attacks.
WHAT IS PHISHING?
The term ‘phishing’ is often linked to fake emails, but it can also take the form of a text message or social media post that looks like the real thing but is, in fact, malicious. A scammer will use phishing techniques to convince the recipient to click on links within the message that could lead to a virus being downloaded onto their computer or, often, to lure users into revealing personal or financial information.
Scammers are opportunistic and their phishing attacks will seek to exploit real-world concerns in order to trick users into interacting. In addition, millions of people are now working from home, meaning that email has become a critical tool for communicating with colleagues working remotely. Scammers have used this to their advantage, as we’ve seen a sharp rise in phishing attacks since March 2020.
As well as email, many companies are utilising other cloud technologies, such as Microsoft Teams and SharePoint, which have allowed employees to collaborate remotely. However, these are also targeted by criminals in order to obtain sensitive information such as usernames and passwords.
Common scams include emails containing a link to download a SharePoint file or log in to a Teams meeting, where the link actually leads to a malicious website that looks like the Microsoft 365 login screen. Once a user enters their username and password on the website, the cyber-criminals could have access to company data and could obtain specific details which can then be used to create fake invoices requesting payment for something that the company may have purchased. They could even use the company’s email system to send out further phishing attacks to the company’s suppliers and customers, causing damage to their reputation.
Throughout 2021 scammers have continued to exploit the theme of pandemic-related compensation. This time, offers of financial assistance were mostly sent out, claiming that HMRC were ready to pay out COVID-related grants to businesses. It goes without saying that the grants did not materialise, but attempts to claim them often led to compromised bank details.
Messages regarding parcel deliveries are also one of the most common ruses. Following Brexit, Customs rules have changed, so an invoice requesting the payment of Customs Duties or shipping costs may appear to be genuine. However, when trying to pay the invoice, victims are taken to a fake website where they risk not only losing the amount itself but also supplying the cyber-criminals with their bank or card details.
PHISHING: What should I look out for?
Urgency
Phishing emails will often give you a limited time to respond (such as within 24 hours or immediately). Cyber-criminals often threaten you with fines or other negative consequences to rush you into responding.
Emotion
Does the message make you panic or feel curious? Scammers often use threatening language, make false claims or tease you into wanting to find out more.
Scarcity
Is the message offering something in short supply or at a price that seems too good to be true? Fear of missing out on a good deal or opportunity can make you respond quickly.
Current events
Criminals often exploit current news stories, big events or specific times of year (such as tax deadlines) to make their scam seem more relevant to you.
HOW DO YOU PREVENT PHISHING ATTACKS?
Integrity IT Solutions can provide help and advice on protecting your IT systems against phishing attacks. We always recommend setting up two-factor authentication (2FA) for accessing cloud services and can help you put in place all the required protection to help your business become Cyber Essentials certified. This will give your clients and suppliers reassurance that you take IT security seriously and that you have systems in place to help protect your business.
We can provide tools to help teach your staff the signs to look out for when they receive an email and to check that it is genuine. We can also implement email protection which will scan embedded links within emails and email attachments for malicious websites.
To find out more, contact one of our team on 01228 594682 or email info@integrityoffice.co.uk to discuss your requirements.