An essential guide to phishing – helping your business avoid the bait!

20 October 2020
Get in touch

Share on social..

Businesses are embracing technology and relying more and more on the internet for communication, and so much of what we do as part of our daily life is now online which has resulted in a massive increase in cybercrime.

Phishing continues to be the most common form of attack due its simplicity, effectiveness and high return on investment. It has evolved from the early days of tricking people with scams of Nigerian prince’s and requests for emergency medical treatment. The phishing attacks taking place now are sophisticated, targeted and increasingly difficult to spot.

Even tech giants such as Facebook and Google have suffered phishing attacks lasting more than two years in where cybercriminals posed as suppliers they regularly did business with. The criminals swindled Facebook and Google out of millions using fake corporate stamps, email addresses, and invoices.

The statistics and costs of cybercrime in the UK

Carbon Black reports that up to 88% of UK companies have suffered breaches in the last 12 months,  and one small business in the UK is successfully hacked every 19 seconds. 

There are also signs that scammers are now particularly targeting SMBs.  Users of Software-as-a-Service (Saas) and webmail services are now being targeted more than any other group, according to the Anti-Phishing Working Group. This category became the biggest target for the first time recently, accounting for over a third of all phishing attacks.  Around 65,000 attempts to hack SMBs occur in the UK every day, of which 4,500 are successful. 

The cost to business is real and 33% of UK organisations say they have lost customers after a data breach and many UK consumers also claim that they will stop spending with a business temporarily after a security breach, and claim they will never return to a business post-breach.

Can your business afford not to take this seriously?

What is Phishing?

Phishing is a tactic used by cyber criminals that targets our businesses by sending emails that appear to be from a well-known source. It is a powerful tool, with little effort required by the criminals to steal our personal data and extort money. The sender could even be posing as the CEO or Managing Director of your company or as a business you frequently use such as Microsoft, PayPal or Amazon.

Traditionally, phishing attacks were launched through massive spam campaigns that would have targeted large groups of people. The aim was to trick as many people as possible into clicking a link or downloading a malicious attachment. There would always have been a percentage of people that clicked on the link, but as the general public has become more aware of scams, the attackers have become more sophisticated and targeted in their approach.

Cybercriminals send out fraudulent email messages that appear to come from a legitimate source. The email is designed to trick the recipient into entering confidential information (i.e. account numbers, passwords, pin numbers, birthday) into a fake website by clicking on a link. Once clicked, they can then steal sensitive information and use this to commit identity fraud or sell it on to another criminal third party, or infect a computer with malware. 

What is the main goal of phishing?

Hackers use phishing to:

  • Obtain your identity 
  • Obtain your businesses sensitive data
  • Obtain your client information and data
  • Obtain funds from your business 
  • Upload malware or ransomware to your device(s) 
  • Impersonate a trusted person or business to request money
  • Exploit data for money 
  • Encrypt or destroy your data
  • Make unauthorised transactions
  • Perform credit card fraud
  • Access your systems to launch attacks
  • Steal passwords, usernames, and more 

All it takes is for an employee to click a malicious link or attachment, enter sensitive information or fall for a false corporate email or stamp. 

What to do if you suspect a phishing attack

McAfee estimates that 97% of people around the globe are unable to identify a sophisticated phishing email so the cyber criminals are still successfully tricking people into giving away personal information or downloading malware. Despite the convincing nature of these emails, there are still some giveaway signs that may warn us of the presence of a phishing email.

Ask yourself — Do I know this person or this company contacting me?

If yes, contact the person or company by phone or by going on the company website. Do not click any links or download any attachments.

If no, see our tips below for how to spot a phishing email. If you see the signs, report the message to the email provider as spam and delete it and if applicable, warn other employees if it’s a business email domain.

Tips on how to spot a phishing email

Identifying a phishing email has become a lot harder than it used to be as the criminals have become much more sophisticated in their attack methods. The phishing emails that we receive in our inbox on a daily basis are increasingly well written, personalised, contain the logos and language of the brands we know and trust and are designed in such a way that it is difficult to distinguish between an official email and a fake email.

A mismatched URL

One of the first things to check in a suspicious email is the URL. If you hover your mouse over the link without clicking on it, you should see the full hyperlinked address appear. Despite seeming perfectly legitimate, if the URL does not match the address displayed, it is an indication that the message is fraudulent and likely to be a phishing email.

Example

 

 

 

 

 

 

 

 

The email requests personal information

A reputable organisation will never send out an email to customers asking for personal information such as an account number, password, pin or security questions. If you receive an email requesting this information, it is likely to be a phishing email and should immediately be deleted and reported as spam.

Example

 

 

 

 

 

Poor spelling and grammar

Cyber criminals are not renowned for their spelling and grammar. Whenever legitimate businesses send out emails to their prospects and customers they are often proof read a number of times to ensure the spelling and grammar is correct. If you spot spelling mistakes or grammatical errors within the email it is unlikely to have come from an official source and could indicate a phishing email.

The use of urgent language

Another common phishing tactic is to promote a sense of fear or urgency to rush someone into clicking on a link. Cyber criminals will often use threats that your security has been compromised and that urgent action is required to fix the situation. Be cautious of subject lines that claim your account has had an “unauthorised login attempt” or your “account has been suspended”. If you are unsure if the request is legitimate, contact the company directly via their official website or official telephone number.

Example

 

 

 

 

 

 

Unexpected correspondence

If you receive an email informing you that you have won a competition you did not enter, or a request that you click on a link to receive a prize, it’s highly likely to be a phishing email. If an offer seems too good to be true, it usually is!

Example

 

 

 

 

 

 

Unusual sender address

No legitimate organisation will send emails from an address that ends ‘@gmail.com’ – Not even Google! Most businesses, will have their own email domain and company accounts. For example, legitimate emails from Google will read ‘@google.com’.  Look at the email address and not just the sender.

If the domain name (the bit after the @ symbol) matches the apparent sender of the email, the message is probably legitimate. 

The best way to check an organisation’s domain name is to type the company’s name into a search engine. 

Steps you can take to protect your business against attacks

  • Deploy Multi-factor Authentication (MFA) to all your users

MFA immediately increases your account security by requiring multiple forms of verification to prove your identity when signing into an application.

By providing an extra barrier and layer of security that makes it incredibly difficult for attackers to get past, MFA can block over 99.9 percent of account compromise attacks.

  • Install Anti-Virus Software

Anti-virus software is the first line of defence in detecting threats on your computer and blocking unauthorised users from gaining access. It is also essential to ensure that your software is regularly updated to ensure hackers are unable to gain access to your computer through vulnerabilities in older and outdated programmes.

  • Never click on suspicious links

Legitimate businesses will never send emails requesting you click on a link to enter or update personal data.

  • Educate Staff

Over 90% of all successful cyber-attacks are a result of information unknowingly provided by employees. As networks become harder to attack, hackers are increasingly targeting what they perceive as the weakness in a company’s defences – its employees!

Companies may have the strongest of cyber defence systems in place, but these systems offer little protection if cyber-criminals are able to bypass these traditional technological defences and get straight to an employee tricking them into giving out sensitive information.

As hackers hone their techniques and become more targeted in their attacks, it’s important to educate staff and provide regular training on what they should be looking out for and how they can play their part in preventing a phishing attack.

  • Be careful what you post online

The internet and social media has transformed how we communicate with each other on a day to day basis, however this culture of sharing has provided cyber criminals with an easy way to profile potential victims ensuring their phishing attempts are more targeted and harder to spot.

Hackers are turning more and more to social media platforms to access personal information such as age, job title, email address, location and social activity. Access to this data provides the hackers with enough info to launch a highly targeted and personalised phishing attack.

To reduce your chance of falling for a phishing email, think more carefully about what you post online, take advantage of enhanced privacy options, restrict access to anyone you don’t know, and create strong passwords for all your social media accounts.

  • Verify the security of a site

Before entering any information into a website, you should always check that a site is safe and secure. The best way to do this is to look at the URL of a website. If it begins with a “https” instead of “http” it means the site has been secured using an SSL Certificate. This ensures that all your data is secure as it is passed from your browser to the website’s server. There should also be a small padlock icon near the address bar which also indicates the site is secure.

Lumina Technologies offers advanced cybersecurity solutions to protect businesses and their employees from falling victim to phishing emails, as well as keeping software patched and secure.

What our customers say

Lumina Technologies have taken the time to understand the requirements of our business and work as our strategic IT partner, enabling us to concentrate on delivering a high quality service to our clients and focus on our growth strategy. They have delivered a 100% cloud solution to our business with no underlying infrastructure costs or maintenance, which gives us scalability for our planned growth. It also means our business critical applications and data are securely accessible from virtually all our user devices. Lumina’s professional approach and strategic expertise is highly valued and their management of our IT – based on their in-depth knowledge, leaves us confident that our systems are available 24×7.

Luke Harrison, Keidan Harrison LLP

Lumina have supported us so well through the difficult circumstances of 2020.  They worked extremely hard to ensure we were able to work remotely and continue to operate our business successfully.The support team are very friendly and knowledgeable, and have excellent response times.

The team have also enhanced our cyber security which is so important in the legal sector, and they continue to provide high quality advice to help us move forward with our IT goals.

Adams & Remers

The quality of IT Support provided by Lumina Technology is of the highest standard and is complemented by effective client liaison with impressive response times. Trap Oil Group plc has no hesitation in recommending Lumina as a dedicated and specialist group of IT professionals.

Martin David
Technical Director, Trap Oil Group plc

Richard and his team are a real inspiration to anyone who meets them and I have watched Lumina’s growth over the last few years with interest and admiration. Richard has been an amazing supporter of the Hospice of St Francis, being a Gold member of the Corporate Partner Network for almost two years. He takes an active interest in the community and is passionate about his company and his town: nothing is too much trouble, he is always willing to help, to give up his time and to provide business advice when asked. Lumina is an inspiration to any company wanting to set up business in Hertfordshire.

Carolyn Addison
Corporate Fundraising Manager, The Hospice of St Francis

Lumina Technologies Prism Hosted Desktop has allowed our business to centralise our global corporate data, allowing much faster access for all our staff – regardless of their location. We have also been able to simplify and reduce our infrastructure and management overhead. With the new Prism Hosted Desktop solution all staff now have simple and secure access to corporate data using any device they choose. Prism Hosted Desktop has increased the productivity of our staff and given us a single, consistent and familiar experience for all users from any device, in any location, 24/7.

Katherine Roe
Chief Executive Officer, Wentworth Resources PLC

The commercially sensitive and regulated nature of Lambert Energy Advisory’s business requires an IT provider able to maintain the highest levels of integrity and confidentiality, Lumina Technologies has consistently been unimpeachable in this regard over the nine years we have employed them.

Patrick Agar
Lambert Energy Advisory

It has been a great pleasure working with Lumina Technologies over the past two years. They have fully committed to being involved in the local community with volunteering and with professional advice and commitment, helping many local charities along the way. As a growing company it proves that being involved in the local community is helping them attract and retain a talented workforce and I look forward to working with them well into the future.

Cindy Withey
Connect Dacorum

Hawkstone Management Services Ltd is a small company for which IT Outsourcing is realistically the only viable option. Lumina Technologies have successfully performed this role for over fifteen years. They also provide innovative solutions to keep pace with technological progress. I would have no hesitation in recommending Lumina to similar sized businesses.

Stephen Pembury
Hawkstone Management Services Ltd

Charles Douglas Solicitors LLP have been using Lumina Technologies for a number of years now and continue to be impressed by the technical know-how and contemporary knowledge of their senior management, who provide a timely, efficient and friendly service. Whether it is a small issue with one computer, or a strategic IT decision, they maintain a current knowledge of available technologies. Lumina are always at the other end of the phone to help resolve issues and minimise business interference. The technical knowledge of Richard and his senior team means that there has not been a problem that they can’t solve to date. I am sure we will continue to use them in the years to come.

Charles Douglas
Managing Partner, Charles Douglas Solicitors LLP

The team at Lumina Technologies have made the Amoun Travel & Tours office IT transition seamless and problem free. The office set-up has been vastly improved and the IT Support services are flawless. No issue goes unresolved, which is extremely reassuring.

Adam Helmy
Amoun Travel & Tours Ltd

Lumina Technologies has been Salamander Energy plc’s IT provider since start-up in 2005 and has supported us in London during our expansion across operational offices in SE Asia. Their professional approach, strategic advice and close co-operation have been essential in making this a success.

John Bell
Group Technical Director, Salamander Energy plc

Richard and his team at Lumina have provided Perrett Laver Limited with high quality strategic and practical IT Services for over ten years. During this period, Perrett Laver has grown from 10+ colleagues based in London to nearly 100 colleagues located in six offices across the Americas, EMEA and Asia-Pacific. Richard and the Lumina team have not just been responsive to our ‘everyday’ IT needs, but have proactively sought to work with us on developing an infrastructure suitable for the type of operation we are today, and are planning to be months and years down the line. I would not hesitate to recommend Richard, especially for small to medium size business with growth in mind.

Clementine McKinley
COO, Perrett Laver Limited

.

Society Limited has been supported by Lumina Technologies since our earliest start-up phase. From large logistical challenges like an office move, through to smaller fiddly issues like fixing a faulty e-template, we know we can count on their support and advice. They’ve also been able to engage with us strategically on the challenge of scaling-up our infrastructure as the firm continues to grow and evolve. We always feel confident going to Lumina with a problem, since we know they genuinely care about sorting things out and helping us to get on with our core business.

Simon Lucas
Managing Director, Society Limited

The Vita Group HQ staff have worked with Richard McBarnet and Lumina Technologies for over 9 years, with Lumina providing all our PC, server, phone, and software support. The services have included C-level executives based in London, Manchester, the US, as well as supporting home office IT as well. The service provided and intellectual capabilities are outstanding and we would highly recommend Richard and his Lumina team.

Joe Menendez
CEO, The Vita Group

We worked with Lumina on a GDPR Audit. Richard was knowledgeable and professional throughout, and did the best he could to bring a dry topic to life through lots of real life examples and analogies. We were so impressed with the service Lumina provided and the value we got from partnering with them on this project – we couldn’t recommend them enough.

Holly Cottingham, Vintec Laboratories

Discuss Your Business’s IT Needs

Get in touch Request a quote