Phishing is one of the most common types of cybercrime, with more than 400,000 reports of phishing emails each year, but despite how much we think we know about this type of scam, people still regularly fall victim.
With scammers continually developing increasingly sophisticated scams to get us to part with our personal details, account information and passwords, here’s our guide to everything you need to know to outsmart the cybercriminals.
How to Spot a Phishing Scam
Beware of the subject header or message content
Attacks will often leverage current or alarming topics to increase the likelihood of a victim taking the bait.
Look at the email address, not just the sender
If the message is sent from a public email domain, it is likely to be suspicious: no legitimate organisation will send emails from a public domain, e.g. an address that ends ‘@gmail.com’ or ‘@hotmail.co.uk’.
Watch out for misspelt domain names
There are plenty of ways scammers can create email addresses that are indistinguishable from the one that’s being spoofed.
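The two sender checks above (public email domain, misspelt domain name) can be automated at a mail gateway or in a triage script. The sketch below is an added example, not code from the original article; the domain lists and the sample From headers are constructed for illustration, and a real deployment would use the organisation's own list of expected senders.

```python
from email.utils import parseaddr

# Constructed sample lists (assumptions for this example only).
PUBLIC_DOMAINS = {"gmail.com", "hotmail.co.uk", "outlook.com", "yahoo.com"}
TRUSTED_DOMAINS = {"paypal.com", "hmrc.gov.uk", "microsoft.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable address"]
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []                       # exact match on an expected sender
    warnings = []
    if domain in PUBLIC_DOMAINS:
        warnings.append("public email domain")
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        # The display name claims a brand, but the address is elsewhere.
        if brand in display.lower():
            warnings.append(
                f"display name mentions {brand} but address domain is {domain}")
        # One or two characters away from a trusted domain: likely lookalike.
        if 0 < edit_distance(domain, trusted) <= 2:
            warnings.append(f"domain resembles {trusted}")
    return warnings

if __name__ == "__main__":
    for header in ['Accounts <billing@paypal.com>',            # constructed
                   '"PayPal Support" <service@paypa1.com>',    # constructed
                   '"PayPal" <paypal.billing@gmail.com>']:     # constructed
        print(header, "->", check_sender(header) or "no warnings")
```

An empty result only means the address looks right. The From header itself can be forged, so this check complements the mail server's own sender authentication rather than replacing it.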
Be wary of emails requesting personal information
Legitimate companies won’t contact you out of the blue and ask for details such as your date of birth or banking passwords.
Poorly written emails can often be a sign of a scam
Official emails from trusted companies will not have glaring grammatical errors that appear as though they have been poorly translated or words used in the wrong context. Scammers may use translation tools, so, if the language used doesn’t seem quite right, take care!
10 Actions to Take to Help Prevent Phishing Attacks
- Never open an email attachment unless you are fully confident that the message is from a legitimate party
- Contact the supposed sender through an alternative means of communication and ask them to verify that what they sent you is legitimate
- If you receive a pop-up warning about the file’s legitimacy or the application asks you to adjust your settings, then don’t proceed
- If you have received an email you have identified as a phishing scam, mark it as 'Junk' so you won't receive emails from this address again, or report it to your IT department if it’s come to your work email address, and then delete it
- If you receive a phishing text message, block the number on your phone and delete the message
- Ensure you are using up-to-date security software on your PC. Set the software to update automatically so it can deal with any new security threats
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats
- Protect your accounts by using multi-factor authentication, extra security which requires two or more credentials to log in to your account. This makes it harder for scammers to log in to your accounts if they do get hold of your username and password
- Back up your data - copy your files to an external hard drive or cloud storage. Remember to back up the data on your phone too
- If you’ve received a phishing email, text or phone call make sure you stay on high alert as scammers may try other ways of targeting you.
There are no foolproof ways to totally prevent phishing attacks, but these sorts of scams can be avoided if you follow the tips above and if organisations have adequate anti-phishing tools in place and educate employees on the risks.
To get in touch to discuss how Claritas can help you protect against phishing in the workplace, contact us via: firstname.lastname@example.org.