Phishing statistics
- The worldwide cost of phishing email scams is estimated at around £3.5 billion per year
- More than 150 million phishing emails are sent each day
- A staggering 30% of phishing email messages are opened by recipients
- More than one in 10 who open a phishing email will click on links or attachments
Tackling phishing emails
Whether at work or in our personal life, the vast majority of people assume they would never fall for a phishing email scam. Unfortunately, this type of fraudulent activity is costing businesses billions of pounds each year. Aside from the financial loss and impact on reputation, phishing scams can divert precious time away from growing your business to securing your systems. There are ways and means of protecting yourself from phishing emails, but do you know exactly what you are looking for?
What is a phishing email?
A phishing email is an attempt to fraudulently obtain information sensitive from an individual or a company. Sophisticated phishing scams appear to be sent from the correct email address, the tone of the text is professional, and the various links and attachments do not seem out of the ordinary. The problems start when you open the attachment or click on the links causing you to unknowingly share often private and confidential information.
Different types of phishing emails
Aside from the wide-ranging, unfocused scams there are other types of phishing methods to be aware of:
Spear phishing
As the name suggests, spear phishing emails are focused at targeted individuals and companies. In many cases the fraudsters will have done their homework beforehand, already be aware of various personal details of the recipients which add credence to their email content. Do you have a LinkedIn account? Are you part of any public business forums? Be very careful what kind of information footprint you leave on the Internet.
Clone phishing
This is one of the more sophisticated types of phishing email scam as the fraudulent links will take you to a site which is almost identical to the “real thing”. This type of fraud is particularly prevalent in areas such as finance, banking and tax returns. These are subjects where, once you let your guard down with a seemingly valid email, you might give away personal information and banking details. In the hands of fraudsters this type of information can have devastating effect on your business.
Whaling
This type of phishing email is aimed at those at the top level of management; the politicians, the celebrities, the leaders. The use of scare tactics such as subpoenas and detailed questioning about a company or individual’s tax situation can cause many to believe that they are vulnerable. Once in this position, the recipients are much more susceptible to follow links which on a stand-alone basis they would never normally trust.
Top five ways to spot a phishing email
Whilst phishing emails are becoming more and more sophisticated, there are still ways to identify them:
- The most basic phishing emails will address you in general terms as opposed to using your name.
- Many of the internal email links will look correct but if you hover over the hyperlink you will see the actual URL. Is it different?
- Any email asking for general or confidential information must be viewed with caution. Did you request this email? Why would a company be asking for your information if they already work with you?
- Does the email inject a sense of urgency into your thought process? Is there an element of panic and mention of deadlines which may have passed?
- Look out for grammar and spelling errors. Does the email read correctly? Does it make sense?
If you have any suspicions about an email, call the company directly. Do not use the contact details from within the email, Google the correct company website address and obtain contact details from their website. A two-minute phone call could safeguard your company and protect your investments.
Cloudworks can protect you against phishing SCams
Cloudworks have been continuously protecting their clients for years by setting up powerful and effective systems to scan and identify any rogue communications attempting to permeate the business. We use Office 365 Advanced Threat Protection (ATP) to create anti-phishing policies specific to your users to block malicious links in emails and provide attachment quarantining for viruses. We also offer:
• Advanced mailbox security
• Advanced protection of your online storage files
• Removal of unsafe attachments and rogue links
• Identifying trending scams and fraudulent emails
• Regular strategy meetings and security reports
• User education
Education, education, education.
Ongoing education for all users on the different types of scams and malware is fundamental to your overall protection as it provides the knowledge to recognise malicious content, how not to interact with it yet still flag suspicious emails safely to our investigation team. We show users real phishing examples to help them identify when an email is suspicious and can also create simulated phishing campaigns to uncover which users may need extra help or training.
If you any questions about phishing, or have been affected by scams and would like to discuss your business security with one of our experts, please call us on 0115 824 8244 or email hello@cloudworks.co.uk.