
Gone Phishing ...

28th October 2024

According to the National Cyber Security Centre (NCSC), phishing makes up more than 8 in 10 cyber attacks against UK small businesses.

Everyone must now be familiar with phishing emails. However, criminals continue to develop their "skills" and are now able to target particular individuals with an email that is designed to look like it's from a trusted or known person (known as spear-phishing).

Business email compromise (BEC), another type of phishing attack, is unfortunately on the increase. In a BEC attack, a criminal accesses a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data.

Even the most cautious person can easily fall victim to these often very sophisticated scams. However, there are several steps you can take that make it harder for criminals to attack your organisation:

1. Be Cautious with Links and Attachments

Avoid clicking on links or downloading attachments from unknown or suspicious sources. Hover over links to see the URL before clicking to ensure it leads to a legitimate site.

2. Verify the Sender's Email Address

Phishing emails often use addresses that look similar to legitimate ones but with slight variations (e.g., @paypa1.com instead of @paypal.com). Take a closer look at the domain and email address before trusting the sender.

3. Enable Two-Factor Authentication (2FA)

Set up 2FA for all your accounts. Even if a scammer obtains your password, they will need a second form of authentication to access your account, like a code sent to your phone.

4. Use Anti-Phishing Browser Extensions

Browser extensions and security software often have built-in anti-phishing tools that can alert you if a site is known to be malicious or resembles a phishing site.

5. Educate Yourself and Stay Informed

Learn about common phishing tactics, such as fake prize announcements, account verification requests, and password reset scams. Stay informed about recent phishing trends to recognise red flags.

6. Avoid Public Wi-Fi for Sensitive Transactions

When accessing sensitive accounts (e.g., banking, email), avoid using public Wi-Fi, as it can be easily exploited by attackers. Use a virtual private network (VPN) if you need to access such accounts on public networks.

7. Check for HTTPS on Websites

Ensure that websites, especially those where you log in or enter personal information, have HTTPS in the URL. This indicates that your connection to the site is encrypted.

8. Report Suspicious Emails

Many email providers have a “Report Phishing” option. Reporting such emails helps improve filters and can protect others from falling victim to the same scam.

9. Use Unique Passwords for Different Accounts

Avoid using the same password across multiple accounts. This reduces the risk of a single compromised account leading to further breaches.

10. Regularly Monitor Financial and Online Accounts

Keep an eye on your financial statements and online accounts for any unauthorised transactions or suspicious activities, so you can act quickly if anything unusual occurs.

11. Enable Security Notifications

Many platforms offer security notifications when changes are made to your account or when an unusual login is detected. Enable these notifications to stay informed of any suspicious activity.
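
The sender check in step 2 can also be automated in a mail filter or triage script. The following Python is an added example, not code from the original article; the trusted-domain list, the character-swap table and the sample addresses are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this organisation really deals with (constructed list).
TRUSTED_DOMAINS = ("paypal.com", "example-bank.co.uk")
# Digits commonly swapped in for letters, as in paypa1.com for paypal.com.
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def normalise(domain):
    """Undo common character swaps so imitations collapse onto the original."""
    return domain.translate(SWAPS).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    # Use the real address, not the display name shown in the mail client.
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if normalise(domain) == normalise(trusted):    # paypa1.com
            return "lookalike:" + trusted
        if edit_distance(domain, trusted) <= 1:        # paypall.com
            return "lookalike:" + trusted
        if domain.startswith(trusted + "."):           # paypal.com.evil.example
            return "lookalike:" + trusted
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From: headers.
    for header in ('"PayPal Support" <service@paypa1.com>',
                   "service@paypal.com",
                   "billing@paypal.com.account-check.example"):
        print(header, "->", classify_sender(header))
```

A "lookalike" result is a reason to quarantine or warn, while "unknown" only means the domain is not on the trusted list.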
