Have you ever received a phishing email?
Odds are you probably have (and might not even know it). These type of cyber attacks are easy to do, are increasing in their difficulty to spot and are very successful – current statistics list 91% of all cyber attacks starting with an email. That’s why it is important you and your staff know how to spot a potential phishing attack.
What is a phishing attack?
Phishing emails are targeted online scams used by cyber criminals to attack an organisation (via their employees) to gain access to information and sensitive data. These attacks are incredibly common, with 83% of organisations reporting that they were the victim of an attempted phishing attack in 2018 – an increase from 76% in 2017.
These emails may:
- Contain malware carried in an attachment such as a PDF or file download.
- Ask you to click on a link, taking you to a questionable website.
- Be masquerading as a legitimate organisation requesting confirmation of sensitive data or a password change.
Phishing attacks come in all shapes and sizes – the most common being a mass-scale phishing attack in which the cyber criminals send out mass, non-specific phishing attacks hoping to trick a number of people into revealing sensitive information or data.
How could this impact your organisation?
Cyber attacks or phishing and breaches can have extremely detrimental effects on organisations. If you were to suffer one of these attacks, they could expect to face severe reputational, legal and financial effects that impacts the organisation both at the time of the attack and for years to come.
How do you spot one?
The best thing any organisation can do to prevent a phishing attack from impacting them is to build staff awareness around identifying and stopping phishing emails. Following staff awareness training, nearly 60% of organisations saw an increase in employee’s ability to detect and stop phishing attacks from impacting their company.
Despite their prevalence, phishing emails can be easy to spot if your staff know what to look for. There are five key red flags that employees should pay attention to when reviewing emails:
- Request for personal information – If the email you have received appears to be from a legitimate source but is requesting information that the known organisation wouldn’t typically request, there is a high probability you are being targeted by a phishing attack. For example, your bank requesting that you confirm your account details and pin number via email.
- Unknown or questionable senders – If the email you have received is from an unknown sender, or a name you don’t recognise, and they are requesting that you download an attachment, click on a link or submit personal information to them, it could be a phishing attempt. Similarly, if the email is not personalised but instead begins with a phrase such as ‘Dear Customer’ there is a high chance it is a phishing attempt.
- Spelling and grammatical errors – If you have received correspondence from a well-known organisation, however their email contains a number of spelling and grammatical errors there is a high chance it is a phishing attack.
- Misleading URLs or domain names – When reviewing emails that appear suspicious, one way to confirm if they are a phishing attempt is to confirm that the URL listed aligns with the hyperlink provided. If you hover over a URL without clicking, the embedded hyperlink will appear – if the hyperlink within is different to the shown URL there is a high probability this is a phishing attack.
- Demanding or alarming wording – Emails that contain phrases such as ‘Urgent Action Required!’ or ‘Your account has been hacked!’ are phishing attacks designed to illicit an immediate response from the recipient. These attacks capitalise on the recipient’s anxiety upon receiving these messages and the likelihood of them responding and providing personal information.