It happens in many different forms, but the most common is through an email that looks like it's sent from a reputable source.
The goal of this article is not only to show how phishing works, but also to give you some pointers on how you can prevent it from happening so you don't have to deal with the consequences.
A phishing attack is a scam that uses email to trick recipients into clicking on links, opening attachments or otherwise taking action which produces harmful results. These emails appear to come from sources the user normally trusts, banks and credit card companies for example. However, they can be more than just an annoyance if you end up too deep into the ‘trap’!
According to the UK Security Breaches Survey 2021, more than 64% of large businesses have experienced attacks in the last 12 months.
1. Understand the risks of phishing
Phishing is a constant threat to your business and it's becoming increasingly sophisticated. Successful phishing attacks can cause financial loss for victims, put personal information at risk, jeopardize the systems your organisation relies upon and even land you with legal consequences like fines or worse yet - the loss of the ability to operate your business.
A phishing attack is often cleverly crafted, so it can be difficult to understand. But once you've seen one in action, the process becomes clear and those old spam emails don't seem quite as scary anymore! You know what they say: "just because your email address isn’t on file doesn't mean that bad things won’t happen."
Although there are many types of attacks out there (some targeting professionals or even celebrities), all forms rely heavily upon malicious tactics - such as an adopted identity.
2. Know how to spot a phish
There are several identifiers that can help you recognize a phishing attack straight away. Five of the more common signs are:
Emails sent from an unusual address or domain. You will notice that the name is highly personal and not a business name, or else it’s from an account such as “gmail”, “hotmail” or “msn”. You can look at the email by clicking on it and checking the ‘other’ section; there you can check the actual email address used to communicate with you. If it’s suspicious, don’t interact with the email in any way.
Another giveaway is a misspelled domain. Phishers often do this deliberately to imitate the organisation they purport to represent, hoping that you won’t notice.
Spelling and grammar mistakes beyond a reasonable amount are also suspicious. Often this indicates that the attacker is international, but it is also a red flag, marking the message as not trustworthy.
Strange attachments and links are definite signs that it’s dangerous. You must not click them.
Urgency. If the message encourages you to take fast action, do something within a timeframe or the like, it’s probably
A few patterns can be identified. 48% of suspicious attachments are Microsoft Office files.
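The signs listed above can be checked mechanically as a first-pass triage aid. The following is an added example, not code from this article; the trusted-domain list, free-mail list, urgency phrases and sample message are assumptions constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of these lists come from the article.
TRUSTED_DOMAINS = ["examplebank.co.uk", "example.com"]
FREEMAIL = {"gmail.com", "hotmail.com", "msn.com"}
OFFICE_EXT = (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?|act now|suspended)\b", re.I)

def phishing_signs(raw_message: str) -> list[str]:
    """Return the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    signs = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREEMAIL:
        signs.append("freemail-sender")
    elif domain not in TRUSTED_DOMAINS:
        # A near miss of a trusted domain suggests a deliberate misspelling.
        for match in difflib.get_close_matches(domain, TRUSTED_DOMAINS, n=1, cutoff=0.85):
            signs.append(f"lookalike-domain:{match}")
    text = msg.get("Subject", "")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXT):
            signs.append(f"office-attachment:{name}")
        elif part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload(decode=True).decode(errors="replace")
    if URGENCY.search(text):
        signs.append("urgency")
    return signs

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Account Team" <security@examp1ebank.co.uk>
Subject: Urgent: verify your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your account will be suspended unless you respond within 24 hours.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="invoice.doc"

AAAA
--b1--
"""
```

An empty result only means none of these particular heuristics fired; an unfamiliar domain that is not close to a trusted one is not flagged here and still needs a human look.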
3. Be wary of suspicious phone calls and text messages
Passwords. Usernames. Identification numbers. All these types of data should not be discussed, mentioned or revealed in a phone call. If you’re asked these questions it’s a serious red flag as to whether the person calling is the organisation or person they say they are. It also points to malicious intent. Keep your information to yourself.
If these texts or calls involve threats to your bank accounts, personal accounts or any allusions to endangering your functional utilities involving data, then it’s probably a scam and often someone phishing. If you think that a request is unusual and you’ve never done it before, be cautious. Calls that are about new links sent to you online are especially suspect.
If the sender is evasive when it comes to your queries, do not trust them. If you discover that you’re unable to call the sender back, or there’s no way to contact the official company, avoid going further with anything.
4. Use two-factor authentication when possible
While not infallible, 2FA (two-factor authentication) can help protect sensitive information and accounts. It involves users logging on to a website to confirm their identity through another source and not just via their password. Setting it up can be easy, and a lot of apps make the process simple. For example, some recent MacBooks have 2FA built-in.
A 2019 Microsoft report showed that 99.9% of automated cyber attacks were blocked when 2FA was in use. Encourage your business to configure it for increased security online.
A nifty checklist to improve your cybersecurity when it comes to phishing:
Almost a third of cyberattacks belong to the broader “phishing” category. That's why it’s important that you know how to deal with them and prevent problems rather than picking up the pieces after a successful infiltration.
Conclusion
Phishing attacks are a serious issue for companies and individuals. In order to be prepared, you should work with cybersecurity experts who can help protect your data from malicious hackers. Contact us today if you want to learn more about our services or how we can provide the best possible protection against phishing scams.
It’s currently riding waves, infiltrating the remote work space. As more and more people work remotely, opportunities abound for hackers to infect their computers with malware - particularly ransomware. This makes it easy for them to target anyone from software specialists to admin staff who are working from home or the coffee shop, many of whom make perfect hacking targets. Remote workers should make sure they have up-to-date anti-malware software on their devices, as well as updating all passwords after every online session. Remote workers also need to be careful about opening anything suspicious, but we’ll get to that later.
Remote work is a golden opportunity but it’s also a double-edged sword when it comes to cybersecurity.
What is ransomware and how does it work
Ransomware is a type of malicious software designed to extort money from users by holding their data hostage. The best way for people who are unfamiliar with this threat - like parents, and teens just starting out their careers - to protect themselves is through thorough security practices at home and elsewhere.
The impact of ransomware on the world has been significant. Recent attacks have crippled the ability of hospitals to provide crucial services amid the pandemic, paralyzing public services in cities and disrupting entire healthcare systems.
Ransomware is the most prominent type of malware, meaning that we must be more aware of it in the coming months and years as its sophistication develops. The most common way to get ransomware onto your device is through spam email. The messages usually come with an attachment which, if clicked, will install malicious software on the user's device and grant hackers access rights.
How remote work led to a spike in attacks
Two trends are responsible for a stark rise in attacks in the last couple of years: cryptocurrency and remote work. By definition ransomware involves extortion, and with cryptocurrency and other blockchain assets at high prices, these are a very common form of ransom.
“It's not a coincidence that there are never-before-seen amounts of ransomware attacks happening exactly as shutdowns forced people to go remote,”
Paul Martini, CEO of cloud cybersecurity company iboss
90% of ransomware attacks are caused by employees unintentionally exposing vulnerable information and giving device, network and platform access to bad actors.
Without the systems in place provided by employers at designated offices, the responsibility for cybersecurity has fallen into the hands of remote employees. This is a big issue because vast swathes of them don’t have the necessary cybersecurity knowledge to adequately protect their devices from the increasingly insidious risks hackers and digital criminals present. Picture a newly onboarded employee who has only ever met with their employer online. In such a situation, a cybercriminal will have a less difficult time posing as a line manager or the CEO.
The bottom line is that with remote work on the rise, so are ransomware attacks. Stay vigilant.
The impact on employers, employees, and the economy
The rise of ransomware has had a major impact on employers, as it makes them more vulnerable and susceptible to cyber attacks. The once-prized possession that was the company's data becomes worthless when hackers take over systems, demanding a ransom in exchange for not destroying whatever information is encrypted - usually with an encryption algorithm which can only be accessed using one single password or key phrase found nowhere else but within this malware program.
But it’s obviously much deeper. The financial, productivity and time ramifications of successful attacks are often disastrous with long term impacts on an organisation. 77 percent of full-time employees temporarily lost access to systems, and 26 percent couldn't fully perform their professional duties for at least a week, according to the 2021 Ransomware Impact Report from Keeper Security. This results in lost time, customers, ruined timescales and can land a blow to the reputation of any business.
$67m. Nope that’s not the total impact on the UK economy. It’s merely the financial impact on UHS, a publicly traded company based in the US, in the last QUARTER of 2020 alone. Ransomware is serious business.
Preventing an attack from happening to your business or personal devices
A few steps you can take to mitigate the potential impact of ransomware attacks include:
While it’s true that backing up important data is the single most effective way to recover from ransomware infection, there are some considerations. Your backup files should be appropriately protected and stored offline or out of band so they can't be targeted by an attacker who wants access. Using cloud services could help mitigate this risk.
A good way to ensure that your IT security team knows how best to protect against ransomware is by creating an incident response plan. The document should include defined roles and communications shared during attacks, as well as a list of contacts such as partners or vendors who might need notification in case something goes wrong - like if they receive suspicious emails from outside sources. Consider adopting this policy too: it will keep everyone aware at all times so no one has any surprises when handling threats.
Want to keep your company's data safe? Then it is important that you restrict access and limit the number of devices allowed on each port. Remote Desktop Protocol (RDP) services are a favourite entry point for bad actors; don’t give them the chance if you don’t need to.
In order to stay secure, make sure that your organization's systems are always up-to-date with the latest updates. You should also turn on auto-updates in order for vulnerabilities like these to be fixed quickly and efficiently without having any downtime or impact on business activities such as workflows.
The only way to stop ransomware is by being aware of it. Employees can protect themselves from malicious emails with security awareness training that teaches them what they should look out for in an email before clicking on any links or downloading attachments.
There are other steps you can take too, which is why you should get in touch with us.
Ransomware is proliferating as it is ‘largely uncontested’ and highly profitable.
Jeremy Fleming, Head of GCHQ