Cyber-risks and Liabilities: Spotting and Reporting Phishing Attacks
A phishing incident is a type of social engineering attack that involves a cyber-criminal using scam emails, text messages or phone calls to deceive a victim. Phishing attacks exploit people, aiming to trick individuals into doing the wrong thing, such as clicking a suspicious link that downloads malware or steals personal information. Despite a high level of scam awareness, people still frequently fall victim to phishing incidents. According to the Department for Digital, Culture, Media & Sport, 83 per cent of cyber-security breaches in 2021 stemmed from phishing attacks. As such, it’s essential for your organisation to remain vigilant.
A well-trained workforce is the first line of defence against phishing attacks. It’s vital that employees don’t make themselves an easy target. Remind staff to be careful when sharing personal and company information online, as cyber-criminals can use this information to tailor an attack. Consider creating a digital footprint policy describing what staff can and can’t disclose online. Additionally, train staff to spot and report phishing attacks by looking out for the following ‘red flags’:
• Urgency – Messages that ask for immediate responses are often scams designed to pressurise recipients into making quick decisions before fully analysing the facts.
• Emotion – Cyber-criminals regularly make false claims of support or use threatening language to instil fear in recipients.
• Scarcity – Some scam messages try to lure victims by offering things in short supply (eg deals on expensive goods or services).
• Current events – Cyber-criminals may exploit big events or current news stories to make their scams seem more relevant.
• Authority – Scammers might claim to be someone official (eg a bank or government worker). Therefore, it’s important to carefully check the sender’s details on all messages received. Often, a scam message will be sent from a public email domain rather than an official business address. If in doubt, it’s best to cross-reference the sender’s details against those displayed on the official company website.
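The sender checks described under ‘Authority’ and ‘Urgency’ can be turned into a simple triage helper for the IT team. The following Python is an added example written for this article, not code from Cox Mahon; the webmail domains, organisation names and urgency phrases are constructed placeholders that a real deployment would replace with maintained lists.

```python
from email.utils import parseaddr

# Constructed list of public webmail domains (placeholder; use a maintained list).
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

# Constructed map from an organisation a sender may claim to be, to the domain
# shown on that organisation's official website (hypothetical values).
OFFICIAL_DOMAINS = {"example bank": "examplebank.example"}

# Constructed phrases that signal the 'urgency' red flag.
URGENCY_WORDS = ("immediately", "urgent", "within 24 hours", "will be suspended")


def sender_red_flags(from_header, subject="", body=""):
    """Return the red-flag labels raised by a message's From header and text.

    Labels: 'no-sender-address', 'public-email-domain',
    'authority-domain-mismatch' (display name claims a known organisation but
    the address domain is not that organisation's official domain), 'urgency'.
    """
    flags = []
    display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    if not domain:
        flags.append("no-sender-address")
        return flags

    # Red flag: official-sounding message sent from a public email domain.
    if domain in PUBLIC_MAIL_DOMAINS:
        flags.append("public-email-domain")

    # Red flag: cross-reference the claimed organisation against its official domain.
    claimed = display_name.lower().strip()
    for org, official in OFFICIAL_DOMAINS.items():
        if org in claimed and domain != official and not domain.endswith("." + official):
            flags.append("authority-domain-mismatch")
            break

    # Red flag: pressure to act before checking the facts.
    text = (subject + " " + body).lower()
    if any(word in text for word in URGENCY_WORDS):
        flags.append("urgency")
    return flags


if __name__ == "__main__":
    # Constructed sample header and subject for a local demonstration.
    print(sender_red_flags('"Example Bank Security" <alerts@gmail.com>',
                           "Urgent: verify your account"))
```

A message that raises any flag should be reported to the IT department rather than acted on, and a legitimate sender whose domain is missing from the official list will also be flagged, so that list must be kept current.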
No matter how rigorous your phishing training is, employees may still occasionally fall victim to these attacks. Remind staff to immediately report suspicious emails and messages to the IT department. Additionally, adopt a multilayered approach to phishing defences. Organisational measures should include implementing email filtering and blocking mechanisms, utilising two-factor authentication and making sure only supported software and devices are in use.
Cox Mahon Claims Manager Diane Manders commented:
“This is really good advice for everyone, whether individuals or businesses. We all need to be extremely mindful that these hackers are clever and very plausible.
We are seeing an ever-increasing number of claims where an innocent-looking email has been opened, exposing the account and business to the Cyber Criminal.
Stay safe, stay vigilant and if you have the slightest doubt don’t open that email, answer that text or speak to a stranger!”
For more information on phishing attack prevention, contact us today.