how to spot an Email phishing attack
86% of organisations had at least one member of staff click a phishing link on an email. Phishing is the second most active type of security threat to a business, yet many staff members are unaware of how to identify a phishing email.
Here are our 7 key tips for spotting an Email Phishing Attack!
What Is A Phishing Attack?
A phishing attack is when an attacker tricks a person into revealing private or sensitive information through a fraudulent message, often through email or text. This can include bank details, personal identification, login credentials etc. The malicious link can also install malware, which can lead to digital devices being hacked, viruses being leaked onto one or more devices within the organisation or track your activity on your device.
Most importantly, businesses which are victims of attacks can suffer significant financial loss, both in fines and reputational damage. It is simply not worth the risk.
What Are The Different Types of Cyber Attacks?
Email Phishing: This is when a scammer sends an email which looks legitimate and will trick the victim into clicking a link or leaking sensitive information. This will result in the hacker stealing and possibly selling the data.
Spear Phishing: This is when a specific individual within an organisation is targeted to steal their login credentials. The attacker will gather basic information about the victim such as their name, email address and position at the business before sending out the email.
Whaling Attacks: Whaling Attacks target more senior members of an organisation as they usually have access to more areas of their business network, especially the more sensitive areas such as banking details or staff member identification. A successful whaling attack would result in lots of private information being stolen.
Snapchat was a victim of a whaling attack after an HR CEO was tricked into leaking data about four employees’ payroll information. This is hugely detrimental for a tech firm, however, is a testament to how well phishing emails are disguised and can trick even the biggest of firms.
Smishing and Vishing: Vishing is short for ‘Voice Phishing’ and is when someone uses the phone to steal information. The attacker may present themselves as working for a trusted company such as a bank, or they can pose as a family member or friend to get the victim to leak sensitive information.
An example of this can be found in the 2017 Barclays Digital Safety Advert.
Smishing is when attackers use SMS text messages. Again, they will often present themselves as a trusted organisation such as a bank or a postal delivery service. A link will often be sent to encrypt the digital device and release information about the victim. We have seen a rise in this type of phishing due to COVID-19 causing a large demand for online shopping so customers were receiving more postal notifications. Texts asking for a small payment to be made in order for their parcel to be delivered were spread around, causing bank accounts to be hacked and emptied (BBC News).
Angler Phishing: This type of phishing targets social media users. They will disguise themselves as another company or a customer service agent to trick the user into releasing their credentials or clicking a link which will send a virus onto their digital device. Many people have seen this type of phishing when a company starts a competition. A hacker will create a new social media page disguised as the company and privately message individuals telling them they have won a prize, however, for the prize to be sent, they need to click a link, or send over some details. This again results in sensitive data being released and the potential of bank accounts being hacked, or digital devices being encrypted.
How Can Your Business Avoid Phishing Attacks?
Measure Risk VS Priority Vs Consequence Vs Investment.
Like insurance policies, the more you invest, the more security cover you put in place.
As an accredited provider, we can understand your specific organisation, the realistic exposure to breaches and what REALLY needs to be protected, for the lowest investment.
Whilst no one wants to spend on cyber-security, make no mistake, it’s an insurance policy…
So when the inevitable happens, your business is protected from losing thousands to recover from a cyber attack.
Speak to our Cyber Security experts today
Call our team and you’ll speak to someone who really understands our products and can give you an estimated quote, no hassle, no obligation.
A named and dedicated account manager will be allocated to you, and provide a consultative approach to help find the right solution for your organisation.
Call us on 0345 3620 247 or, alternatively fill in the form and we can call you back.