(Be)gone phishing: 7 easy steps to outsmart the cyber crooks
Neil Denning
Driving Business Success Through Secure & Strategic IT | Cyber Security Leader | Owner of Support Tree
Remember the days when a phishing attack was easier to spot than Gareth Southgate in an EU football final? The pleading tone from some exotic prince who needed your help – and only your help – to transfer crazy amounts of money (usually with more zeros than we learnt to understand in school). All they needed were your bank details. The formatting was terrible, and so was the spelling and grammar. Strangely, these were created in a deliberately poor manner.
In his research ‘Why do Nigerian scammers say they are from Nigeria’, Cormac Herley (principal researcher at Microsoft Research's Machine Learning Department) stated that savvy users are not the scammers' target audience. Rather, the creators of these emails are targeting people who would believe the sort of tales these scams involve.
Those days are (mostly) gone.
Now, you’ll be sipping your morning coffee, checking emails, and bam! You get a message that looks urgent. And legitimately so. The email says it's from your bank … but something feels off. Maybe it’s an extra letter sneakily included in the URL, or a slight wonkiness to the logo that isn’t noticeable to the untrained eye. Welcome to the new world order of phishing.
This is one of those instances where having a sound understanding of the risks and where they’re coming from is the first step to arming yourself – and protecting your company. We start with knowing how to identify a phishing email.
Recognising phishing attacks: Red flags to watch out for
Phishing emails are like those ‘too good to be true’ deals. They're designed to trick you into giving away sensitive information like passwords or credit card numbers. Here’s what to look out for:
They use urgency and fear tactics
Cyber criminals love inciting panic and are very canny when it comes to threatening dire consequences if you don’t respond to their email immediately.
The greeting is completely generic
With targeted marketing and sophisticated algorithms, it’s unusual to receive an authentic email addressing you as ‘Dear customer’ or ‘Dear user’.
Links and attachments look ‘dodgy’
Before you click on anything, hover over the links. If the URL looks suspicious, don’t click on it. The same applies to attachments from people you don’t know. Remember: Email attachments from malicious parties may contain malware, which can lead to a hack or data breach. If you are concerned that you are ignoring an important instruction from somewhere like your bank, call them and report the email to confirm whether it’s genuine.
The spelling and grammar leave a lot to be desired
Professional companies have a communications team, where anything sent to the public undergoes quality assurance. Look out for strange typos and odd phrasing.
They want to get up close and personal – with your sensitive information at any rate
Be sceptical of any requests where you are asked to provide passwords or PINs.
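The "hover over the links" check and the "extra letter in the URL" trick described above can be automated for a mail filter or a training exercise. The following is an added example, not part of the original article: the trusted domain list, the sample email body and the function names are all constructed for illustration, and the last two labels of a host are assumed to be its registered domain (which is not true for suffixes such as co.uk).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed allow-list and constructed sample email body (assumptions, not real data).
TRUSTED = {"examplebank.com", "example.org"}
SAMPLE = '''<p>Dear customer, your account is locked.</p>
<a href="https://examplebannk.com/login">https://www.examplebank.com/login</a>
<a href="https://www.examplebank.com/help">Help centre</a>'''

def edit_distance(a, b):  # Levenshtein distance, single-row dynamic programming
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def host_of(url):  # lower-cased host without a leading "www."
    url = url if "://" in url else "//" + url  # scheme-less text still needs a netloc
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start a new link and reset its visible text
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flags_for(href, text):
    flags, host = [], host_of(href)
    trusted = any(host == t or host.endswith("." + t) for t in TRUSTED)
    base = ".".join(host.split(".")[-2:])  # assumption: last two labels = registered domain
    if not trusted and any(0 < edit_distance(base, t) <= 2 for t in TRUSTED):
        flags.append("lookalike-domain")  # e.g. one extra letter in the name
    shown = host_of(text) if text and " " not in text and "." in text else ""
    if shown and shown != host:
        flags.append("text-href-mismatch")  # visible URL differs from the real target
    return flags

def scan(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: flags_for(href, text) for href, text in collector.links}
```

Calling `scan(SAMPLE)` flags the first link on both counts and leaves the genuine help link unflagged.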
Now that you know what to look out for, you’ll need to know from where these cyber assaults will come. Phishing has evolved over the years, and cyber criminals have got quite creative (if only they showed the same level of initiative with regular work!). Here are some common types of phishing attacks you should be aware of:
The most common phishing attacks
How to avoid phishing attacks
Now that you know how to spot phishing attempts, let’s talk about avoiding them altogether:
Make sure everyone in your business knows how to recognise phishing attacks by providing regular and consistent training sessions.
Don’t use the same password for multiple accounts. Invest in a password manager to keep track of them. DON’T write them down.
This adds an extra layer of security by requiring a second form of verification. You’ll receive immediate warning if someone is attempting to hack into any of your online profiles.
Ensure your operating system, browsers, and security software are up to date. Patches and updates fix vulnerabilities that attackers exploit.
Regularly back up important data. In case of an attack, you can restore your information without paying to ransom it back.
Always take a moment to evaluate emails, texts, and phone calls before taking any action. When in doubt, contact the supposed sender directly using a verified method.
Let Support Tree protect your business
It might be somewhat overwhelming to be solely responsible for the data security of your whole company. Having support helps. That’s where Support Tree comes in. At Support Tree, we offer comprehensive IT solutions tailored to small businesses, ensuring your cybersecurity measures are top-notch. Our services include:
Don't let phishers disrupt your business. Reach out to Support Tree today and let us safeguard your digital landscape.
Stay safe, stay smart, and keep those cyber crooks at bay!