2 June 2021

The lowdown on phishing

Whether it’s as a result of the increasing number of suspicious phone calls, texts or emails, we’ve all become increasingly aware of the threat of cyber-crime and specifically phishing. Unfortunately some of us have been affected by it.

When people are victims of phishing attempts the impact is four-fold. Financial loss is the most immediate effect but there’s also the risk of further identity theft and, if your email account is compromised, there are also the risk of your friends and family being subjected to scams. Finally, don't underestimate the psychological after effects on the individual.

For businesses, the effects can be just as devastating. Apart from the financial loss, businesses could be subject to business disruption and reputational damage as well as the potential for regulatory action. 

We recently had some training on phishing and we thought you might benefit from hearing some of the big lessons we took away from it.

And if you’re wondering what phishing is, here’s a short explanation. Phishing is a bogus email, text or sometimes phone call that’s trying to trick you into doing something such as downloading malware or sharing security information or personal data.  

There are steps we can take

The good news is there are things we can do to spot these scams and decrease the likelihood of falling for them.

You may be able to spot the warning signs that the email, text or call you received may be a scam.

  • Often the phishing attempt will include a veiled threat i.e., you haven’t paid your bill. The criminal’s intention is to increase your stress level so you are more likely to act quickly in reaction.
  • There will be a level of urgency in the phishing attempt i.e., you need to act now to stop something from being cut off. Again, this is to trick you into reacting quickly and immediately.
  • They may combine this urgency with an incentive i.e., you’ve won a prize but you must claim it now.
  • Certain deadlines and events can drive the criminal behaviour. For example, there is an increase in phishing attempts around tax year end.

 

In addition to the signs to look out for, there are steps you can take to reduce the likelihood of a successful attack and we thought we’d share a few helpful tips from our training below.

  • Keep your emotional reaction in check and don’t act immediately. If you receive an email, text or phone call which is urging you to take action, click on a link, provide details, then take a step back to consider whether your emotions may be driving an action. 
  • Never click on a link in an email, text or social media message unless you are 100% confident that you know where it’s come from. Remember email addresses can be faked so take steps to verify the message before clicking the link.
  • Remember most of your service providers such as credit card providers or bank won’t ask you to click on a link. They will ask you to go and log into your account as you would normally.
  • Double check if someone messages to say they’ve changed their bank details – this one is equally important for businesses as well as individuals. Speak to them to find out if this is the case.
  • Check the content of the message: If they are badly written with spelling or grammatical mistakes, that could be a sign that something is not right.
  • Register your phone number with the Telephone Preference Service (TPS). While it’s unlikely to deter hardened criminals, it’s good housekeeping.
  • Check whether your email or phone number has been involved in a data breach through a service called Have I been pwned

 

If you spot something that seems suspicious, then we’d encourage you to report it. Again, head over to the Action Fraud website – they make reporting any suspicious or confirmed phishing attempts easy.

Finally, we’d recommend visiting Action Fraud – they’re the experts and offer loads of easy to understand and follow information.