The Phishing Survival Guide

Written by Intercity | Oct 11, 2023 12:49:06 PM

The National Cyber Security Centre (NCSC) reports that the most common threat to businesses is phishing, accounting for 83% of cyber-attacks according to their 2022 study.

Unlike other more sophisticated methods of attack, phishing often takes a more straightforward approach: landing in your inbox and banking on you clicking before reading. As the above NCSC statistic shows, sometimes the most effective threat is the simplest.

Despite this, the NCSC also reports that fewer than one in three organisations train their staff on how to stay safe or run mock phishing exercises. The more you know about phishing, the less likely you are to get hooked, so here are our top tips to survive a phishing encounter.

Verify the Sender's Identity:
    • Always check the sender's email address. Be wary of email addresses that look suspicious or contain misspelled domain names.
    • Be cautious of emails from unknown or unexpected sources, especially if they request sensitive information.
Don't Trust Unsolicited Emails:
    • Be sceptical of unsolicited emails that ask you to click on links, download attachments, or provide personal or financial information.
    • Verify the legitimacy of the sender or organisation through their official website or contact information.
Check for Generic Greetings:
    • Phishing emails often use generic greetings like "Dear Customer" or "Dear User" instead of addressing you by name. Legitimate organisations typically use your name.
Hover Over Links:
    • Before clicking on any links in an email, hover your mouse cursor over them to see the actual URL they lead to. Ensure it matches the official website of the organisation.
Avoid Providing Personal Information:
    • Never share sensitive information like Social Security numbers, credit card details, passwords, or account credentials via email.
    • Legitimate organisations will not request such information through email.
Enable Two-Factor Authentication (2FA):
    • Whenever possible, enable 2FA for your email and online accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
Use Anti-Phishing Tools:
    • Many email providers and security software offer anti-phishing tools that can help identify and filter out phishing emails.
Verify Requests for Money or Gift Cards:
    • Be cautious of emails requesting money transfers or gift card purchases, especially when they come from unfamiliar or unexpected sources.
Educate Yourself and Others:
    • Stay informed about common phishing tactics and trends. Regularly educate yourself and your family or colleagues about the risks and how to recognise phishing attempts.
Report Suspicious Emails:
    • If you receive a phishing email, report it to your email provider or the relevant authorities. This helps prevent others from falling victim to the same scam.
Keep Software Updated:
    • Ensure that your operating system, email client, and antivirus software are up to date with the latest security patches.
Use a Reputable Email Service:
    • Consider using a reputable email service with built-in phishing detection and filtering capabilities.

Remember that phishing attacks are continually evolving, and attackers are becoming more sophisticated. Staying vigilant and cautious when interacting with emails is your first line of defence against falling victim to phishing scams.