Phishing – The need to educate & upskill our employees
Our employees must be given the knowledge on how to recognise “phishing attacks,” in fact, a check list may be a feasible starting point. We are all aware that these attacks exist and are on the rise, but if our employees could recognise and report the phishing emails, texts, telephone calls, adverts and websites that form part of the fraud, the threat can be reduced.
Here is a snapshot of what to look out for:
- Spelling errors
- Poor grammar and punctuation
- Granulated logos – the logo is not clearly defined with sharp edges
- Look at the “from address” – it rarely matches the company being represented
- Content – be aware of what you are being asked
- Most frauds want you to click on another link
- Most’s frauds ask for personal information
- Government departments will not email you with a request, they use Royal Mail
- Government departments rarely call you; you normally call them
- Government departments are rarely threatening on calls
- Advertisement that seems too good to be true, ARE
- Telephone calls that ask for your personal information should be rejected. Tell them to send you a letter
- Telephone calls that ask for your bank account information should be rejected. Tell them to send you a letter
Most, if not all frauds are designed to steal or defraud the individual, Infoprotect obtained the following statistics from the NCSC.
- The NCSC managed to remove 68 000 reported frauds in November 2021 alone.
- They also removed 127 000 website URLs in the same period.
If you are subject to a phishing fraud you can report the fraud to the NCSC directly by sending the mail, or a mail to email@example.com.
If, through the fraud, you can prove that a crime or fraud has been committed, you can open a case on the government website below, or call them directly
www.actionfraud.police.uk or call 0300 123 2040
If you would like to find out more about how Cyber Insurance and Cyber Resilience can protect your business, then please do get in touch.
This article is adapted from an original post by Infoprotect which can be found here.