Phishing: How to not get hooked by hackers

8 May 2019 by Charlotte Nuttall

Phishing is an attempt to obtain sensitive information by pretending to be a trustworthy source via electronic communication.

Social engineering attacks are increasing in sophistication and prevalence. 156 million phishing emails are sent out every day. And of the businesses and charities that suffered a cyber-breach or attack in the last year, 80% identified a phishing attack as the cause, making it the most common type of attack.

The human element is often the weakest link and the first barrier in a company’s security. Plus phishing emails are becoming more believable and therefore harder to detect. Let’s take a look at how to phish like the hackers.

What is a phishing email and what are the warning signs?

Cybercriminals send an email that appears to have been sent from a legitimate source. It will ask you to click a malicious link or open an attachment containing malware.

Typical warning signs to look out for include:

• An email sent from a public address or from an address which does not seem genuine. It could be addressed to a general recipient rather than using the recipient’s name.
• Unusual or suspicious attachments within the email.
• The creation of a sense of urgency or panic by including a call to action. For example: to reset the recipient’s password.
• Links to unrecognised sites or URLs.  These often misspell a familiar domain name.
• General poor spelling and grammar.
• Any request to confirm personal or sensitive information.

How do you start protecting your business?

The first step to preventing phishing attacks from having a detrimental effect on your business is to think of your staff as a human firewall. It’s vital to recognise that your staff are the first hurdle for a phishing attacker to overcome. Ensuring your team are aware of this too is basic best practice. Technology will stop a certain threshold of attacks, but getting your team on board as an extra defence level is crucial.

It’s easy to become overwhelmed by the fear around phishing attacks. But educating your staff about the warning signs, procedures and consequences will remove the panic. Businesses have a duty to look after employees so that they have the means and know-how to look after the organisation.

After educating employees on phishing, investing in cybersecurity measures is the next logical step to protecting yourself.

UKFast’s Phishing as a Service tool sends campaigns to your internal employees to measure how many fall victim to phishing email attacks. The campaigns help you to identify weak links in your defences, deliver training to reduce the risk of hackers infiltrating your business, and protect your organisation from sophisticated attempts to compromise your sensitive data.