How To Recognise and Avoid Phishing Scams 

19 November 2021 


39% of all UK businesses identified at least one cyber security breach or attack in the last 12 months. Among these firms, the most common type of breach is related to phishing attacks, reported by around four-fifths (83%) of the businesses that were attacked (CSBS 2021). This figure has risen from 72% in 2017 to 83% now.

How to recognise Phishing?

Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts.

Scammers often update their tactics, but there are some signs that will help you recognise a phishing email or text message.

Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, an online store or even your own manager or colleague.

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:

  • say they’ve noticed some suspicious activity or log-in attempts
  • claim there’s a problem with your account or your payment information
  • say you must confirm some personal information
  • include a fake invoice and ask you to pay for the invoice or try to initiate a "chat"
  • want you to click on a link to make a payment
  • say you’re eligible to register for a government refund
  • offer a coupon for free stuff

Here’s a real-world example of a phishing email. Imagine you saw this in your inbox. Do you see any signs that it’s a scam? Let’s take a look.

The email looks like it’s from a company you may know and trust: Netflix. It even uses a Netflix logo and header. The email says your account is on hold because of a billing problem.

The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this. The email invites you to click on a link to update your payment details.

While, at a glance, this email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be. Phishing emails can have real consequences for people who give scammers their information. And they can harm the reputation of the companies they’re spoofing.
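The signs walked through above (a trusted brand name, a generic greeting, an account-problem story and a link to update payment details) can also be checked mechanically. The following is an added example, not part of the original article: the sample message is constructed, and the `BRAND_DOMAINS` table, the regular expressions and the sender-domain comparison are illustrative assumptions rather than a complete filter.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the Netflix-style email described above.
SAMPLE = """\
From: Netflix <billing@account-update.example>
To: user@example.org
Subject: Your account is on hold

Hi Dear,

We're having some trouble with your current billing information.
Please update your payment details: http://account-update.example/login
"""

# Assumed table of brand name -> domains the brand really sends from.
BRAND_DOMAINS = {"netflix": {"netflix.com"}}
# Illustrative patterns for the signs listed in the article.
GENERIC_GREETING = re.compile(r"^\s*(hi|hello|dear)\s+(dear|customer|user|member)\b", re.I | re.M)
ACCOUNT_PROBLEM = re.compile(r"on hold|suspicious activity|problem with your (account|payment)|confirm .{0,30}personal information", re.I)
PAYMENT_LINK = re.compile(r"(update|confirm|make).{0,40}(payment|billing).{0,80}https?://", re.I | re.S)

def domain_matches(domain, allowed):
    # Accept the exact domain or any subdomain of an allowed domain.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_signs(raw):
    """Return the list of warning signs found in a raw plain-text email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    signs = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            signs.append("brand-mismatch")    # known name, unrelated sender domain
    if GENERIC_GREETING.search(text):
        signs.append("generic-greeting")      # e.g. "Hi Dear"
    if ACCOUNT_PROBLEM.search(text):
        signs.append("account-problem")       # the "story" told to create urgency
    if PAYMENT_LINK.search(text):
        signs.append("payment-link")          # asks you to click to pay or update
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A message that trips none of these checks is not proven safe; the rules only automate the first-pass look described in this article.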

Four Steps To Protect Yourself From Phishing

  1. Protect your computer by using security software. Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection. At EPX, we recommend that our partners use the Email Threat Protection product, which provides multi-layered filtering that permits legitimate email while blocking malicious threats such as phishing, impersonation, malware, ransomware, and spam-type messages, all automatically.
  2. Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats. There are also antivirus and basic protection apps available for all mobiles, from trusted companies such as AVG, Avira, Sophos, etc.
  3. Protect your accounts by using multi-factor authentication. The additional credentials you need to log in to your account fall into two categories: Something you have — like a passcode you get via an authentication app or a security key. Something you are — like a scan of your fingerprint, your retina, or your face. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
  4. Protect your data by backing it up. Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Many modern mobile phones include backups as part of the initial setup. iPhones use iCloud and Android phones use Google accounts. Both can be set up when you first get the phone or later on under the "backup" settings.

What To Do if You Suspect a Phishing Attack

If you get an email or a text message that asks you to click on a link or open an attachment, answer this question: Do I have an account with the company or know the person that contacted me?

If the answer is “No,” it could be a phishing scam. Go back and review the tips on How to recognise phishing and look for signs of a phishing scam. If you see them, report the message and then delete it.

If the answer is “Yes,” contact the company using a phone number or website you know is real, not the information in the email. Attachments and links can install harmful malware.

What To Do if You Responded to a Phishing Email

If you’ve been tricked into providing your banking details, contact your bank and let them know.

If you received the message on a work laptop or phone, contact your IT department and let them know.

If you opened a link on your computer or followed instructions to install software, open your antivirus (AV) software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds.

If you've given out your password, you should change the passwords on any of your accounts that use the same password.

If you've lost money, tell your bank, and report it as a crime to Action Fraud (for England, Wales, and Northern Ireland) or Police Scotland (for Scotland). By doing this, you'll be helping the battle against criminal activity, and in the process prevent others from becoming victims of cyber-crime.

About EPX Technical Services

We host regular webinars to keep our partners informed on technology, business, IT, scam news and Cybersecurity.

Sign up if you would like to be included in our mailing list for the upcoming events and webinars.