What is Phishing?
Cyber attacks are becoming increasingly common and more sophisticated; one of their most common, everyday forms is Phishing attacks. Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware, or direct them to a dodgy website. Phishing can be conducted via a text message, social media, or by phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email.
Phishing emails can hit an organisation of any size and type, either through a mass campaign that can reach millions of users directly or through a targeted attack on your company. The latter is known as ‘spear phishing‘.
Signs of a Phishing Email
To help you recognise a phishing email, we will show you some real-life examples starting with one that WA Management’s Office & Accounts Manager Amie received recently. We have highlighted the clues of it being fraudulent on the images.
Our second example is a very convincing one but there are still a few signs that help you realise it is not a legitimate email from PayPal.
How Can You Protect Your Business?
Every organisation can do its part to protect against the impact of phishing attacks. No matter if you are a big or small organisation, here are the key steps to employ to protect your business and staff:
- Make it difficult for attackers to reach your users – a possible solution is employing the anti-spoofing controls: DMARC, SPF and DKIM, and encourage your contacts to do the same.
- Help users identify and report suspected phishing emails – make sure your staff are trained up in Phishing Awareness and that there is a well-known process in place for them to report any suspicious emails they may receive.
- Protect your organisation from the effects of undetected phishing emails – the main forms are protection are anti-malware software and having strong authentication and authorisation measures in place such as using strong passwords and two-factor authentication for devices.
- Respond quickly to incidents – have an incident response plan so you know what to do if someone does fall for a phishing attempt and gives out confidential data.
If you have been inspired to get training in place for your business, you can get an exclusive 10% off WA Management’s Cyber Security & Phishing Awareness E-Learning by using the code ‘cyber10’ during checkout! This offer only lasts until the end of the month so don’t miss out on accessing the truly valuable guidance these courses offer to ensure your organisation stays cyber-safe.