Search

Let’s remind ourselves about phishing...

Phishing emails and texts are the vermin of the online world and they are here to stay. Many cyber incidents involving businesses begin with an employee unwittingly clicking on a link within a bogus email. So let’s have a refresh, shall we?


What is phishing?


Phishing is when criminals attempt to trick people into doing 'the wrong thing', such as clicking a link to a dodgy website.


Phishing can be conducted via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email.


Criminals send phishing emails to millions of people, asking for sensitive information (like bank details), or containing links to spurious websites. Some phishing emails may contain viruses disguised as harmless attachments, which are activated when opened.


Tell-tale signs of phishing


Spotting a phishing email is becoming increasingly difficult, and even the most careful user can be tricked. Here are some tell tale signs that could indicate a phishing attempt...


  • Is the email addressed to you by name, or does it refer to 'valued customer', or 'friend' or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.

  • Look at the sender’s email address. These addresses are usually carefully designed to look authentic. But by taking a very close look at them, you can usually see inconsistencies and things that don’t make sense. If possible, compare the sender’s email address to that of previous messages from the same company. If it’s a phishing email, you will notice things that don’t add up.

  • Others will try and create official-looking emails by including logos and graphics. Is the design (and quality) what you'd expect?

  • Look out for spelling or grammatical errors. And does the font or typeface look odd? A respectable business or organisation will get the basics right, scammers may not.

  • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.

  • Your bank (or any other official source) should never ask you to supply personal information in an email. If you need to check, call them directly.

  • If it sounds too good to be true, it probably is. It's most unlikely that someone will offer you designer trainers for £10, or codes to access films for free. And gentlemen, remember, there are no “stunning Eastern European women waiting to meet you”! Sorry!


Make yourself a harder target


Information from your website or social media accounts leaves a 'digital footprint' that can be exploited by criminals. You can make yourself less likely to be phished by doing the following:


  • Criminals use publicly available information about you to make their phishing emails appear convincing. Review your privacy settings, and think about what you post.

  • Be aware what your friends, family and colleagues say about you online, as this can also reveal information that can be used to target you.

  • If you have received an email which you’re not quite sure about, forward it to the NCSC's suspicious Email Reporting Service (SERS): report@phishing.gov.uk


What to do if you've already clicked?


The most important thing to do is not to panic. There are number of practical steps you can take:

  • Open your antivirus (AV) software, and run a full scan. Follow any instructions given.

  • If you've been tricked into providing your password, you should change your passwords on all your other accounts.

  • If you have lost money, you need to report it as a crime to Action Fraud. You can do this by visiting www.actionfraud.police.uk.


Staff Awareness Training


Employees are a company's greatest asset. With security awareness training, they can also become highly effective barriers to cyber crime.

Our security awareness training helps staff understand their working environment, giving them the confidence to speak up when something doesn’t look right.

The training is focused on those with little or no cyber security or technical knowledge and is delivered in small, succinct modules using real world examples.

Awareness training is tailored to each individual audience to provide the right level of skills and context for your business. The trainers are highly knowledgeable, personable and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions.

To request a quote, contact us via our website.

 

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

 

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.