Most people are aware that they need to protect themselves and their personal information online but would you know the clear signs of a phishing scam when it lands in your inbox?

Phishing emails have been deemed the number one threat to UK businesses, so we’ve listed below the top 9 signs that the email you’ve received might be a phishing scam;

1. A generic greeting – watch out for Dear Member, Dear xx company customer, a generic Hello or your email address appearing as the greeting

2. A request to update or verify information – passwords, credit card numbers or bank details

3. A sense of urgency – advising you to act within a 48 hour period otherwise access/expiry will occur

4. A deceptive email ‘From’ Address – something similar to a legit email for example

5. A deceptive URL – where the display text looks official but when you hover over it, the linked text or web address goes to an alternative website

6. An attachment – legitimate organisations rarely email documentation out of the blue, be wary unless you’ve specifically requested information from a company

7. Spelling errors & typos – because most phishing scams come from abroad you’ll might notice grammatical errors and spelling mistakes, some which are intended to avoid spam filters

8. A request for a Donation – emails that look like official charities requesting donations

9. Notification of winning a prize – you’ll usually be asked to pay a processing fee as well as provide personal information. Delete emils from competitions or lotteries that you havent entered as they will be a phishing scam.

Industry research by security company Clearswift has reported that malicious links within emails are perceived as posing the biggest cyber threat to UK businesses, with 59% of business decision makers highlighting this as their chief concern. This is indicated to be far more than any other cyber threat.

The research surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia.

When asked what they see as the biggest threat to their organisation, business decision makers ranked phishing emails as the top threat in all four surveyed regions:

Cyber Threatscape Top 10
1. Malicious links within emails – 59%
2. Employees sharing usernames/passwords – 33%
3. USB memory sticks/removable storage – 31%
4. Users not following protocol/data protection policies – 30%
5. Ex-employees retaining access to network – 28%
6. Infection via malware from personal devices – 26%
7. Hackers – 25%
8. Employees using non-authorised tools/applications for work purposes (personal email drives/file sharing) – 25%
9. Social media viruses – 24%
10. Critical information on stolen devices – 23%

The survey findings are aligned to previous NCSC assessments; email remains a popular tool for attackers to launch cyber attacks, distribute ransomware and other forms of malware, or to commit fraud via business email compromise.

So what exactly is phishing?
Phishing describes a type of social engineering where attackers influence users to do ‘the wrong thing’, such as disclosing information or clicking a bad link. Phishing can be conducted via a text message, social media, or by phone, but these days most people use the term ‘phishing’ to describe attacks that arrive by email. Email is an ideal delivery method for phishing attacks as it can reach users directly and hide amongst the huge number of benign emails that busy users receive.

Phishing emails can hit an organisation of any size and type. Aside from the theft of information, attacks can install malware (such as ransomware), sabotage your systems, or steal money through fraud. You might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money), or it could be the first step in a targeted attack against your company, where the aim could be something much more specific, like the theft of sensitive data. In a targeted campaign the attacker may use information about your employees or company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.

Protect yourself and your business from the threat of cyber attack. Get a FREE on-site, non-intrusive, deep network analysis to determine how effective your existing Cyber Security measures are.

Call us on 0345 644 2245 or click here to fill in our enquiry form and a member of the team will be in touch.