Phishing: Don’t get hooked

Georgina in accounts receives an email from her boss asking her to transfer £3,500 to a supplier she has never heard of. It appears legitimate so she transfers the amount without question. Turns out this was a classic phishing attack and the money was irrecoverable.

Be vigilant and look out for the basic red flags:

Subject line: Typically tries to create a sense of urgency, e.g. “Please pay ACME by 5pm”, to get a quick response with little thought.

Sender address: Look out for misspellings; ‘g’ is often replaced with ‘q’, or an underscore may be present, both of which can be easily overlooked. Also be wary of ‘no-reply’ addresses.

Greeting/Sign-off: Will often be impersonal, e.g. “To User”/“From Customer Service Manager”.

Body copy: Poor grammar, special characters and punctuation errors are common.

Links: They may look reputable, but hover over them to reveal the real address. Do not click if it looks dubious, e.g. drive-google.com, or if it has an unusual format, e.g. ‘mailru382.co.’

Attachments: Tread with caution: they could be malicious downloadable files that will infect your device. If it looks suspicious, it probably is.

We highly recommend you install data protection and antivirus software for added security. However, it’s all well and good protecting your network, but if a phishing email gets inside your organisation, it’s your army of people that needs to be prepared.

We strongly suggest your team undergoes social engineering training to improve their defences. This comes as part of Cyber Essentials Certification, which we advise all businesses to obtain.
