Four Expert Tips to Avoid Phishing Attacks
This morning, news broke that Lancaster University has suffered a personal data breach as a result of a phishing attack.
The attack involved sending bogus invoices to undergrad applicants and proves that no matter the size of your business, charity or institution, no one is exempt from the threat of phishing scams.
Phishing attacks cost very little to the threat actor, yet can have a detrimental effect on your business. 90% of data breaches now start with a phishing attempt, making it a serious threat to your organisation.
So what steps can you take to protect your business from this common type of cyber-attack? Here’s four steps to get you started.
1. Be vigilant! Look out for the most obvious signs of phishing
There are many obvious tell-tale signs of phishing scams, however, many appear to be genuine and convincing. From spelling and grammatical errors to perfectly crafted social engineering attempts, everyone in your business must be vigilant.
Common signs to look out for:
- Poor spelling and grammar
- Links to unrecognised sites that appear legitimate
- Untrustworthy email addresses
- Sense of urgency or panic with potential consequences, including a call to action
- Offer of financial rewards
- A request to confirm personal or sensitive information
- Personalisation – information about you included in the email received from social media or data leaks
- Emails sent by high ranking people within your organisation
- Pop-ups and cold calls
2. Keep up to date with the various types of phishing and techniques
Phishing attacks are evolving all the time. It’s important to note that not all phishing attacks are emails. In fact, there are many phishing techniques that threat actors use. From spear phishing to whaling, pharming to deceptive phishing, SMiShing and social media phishing threats. It’s crucial to keep informed about the latest developments, how they can socially engineer their way into your business, and how to prevent them.
3. Ongoing employee training and awareness
One of the main forms of phishing prevention is by ensuring your employees are clued-up on phishing, the various forms and developments, and how to spot attacls. Think of your employees as a human firewall.
It just takes one employee to click on a phishing scam to enable the threat actor to enter into your systems. Training your employees to think before they click, how to report phishing scams, and what to look out for by using real-life examples, all helps in phishing prevention.
Protect your business from a range of common cyber-threats, with UKFast’s comprehensive security solutions.