Contact Sales

Phishing Emails – The Risks Explained

Whilst the business community is fighting to maintain continuity during the current crisis, it’s more important than ever that your staff don’t get caught out by phishing emails. The last thing any IT department needs at the moment is (another!) virus or a serious security breach to deal with on top of everything else. That means now is an ideal time to remind your employees of the risks posed by phishing and to ensure they remain vigilant.

Posted 13/05/2020

It’s a sad fact of life that the not everyone is addressing the challenges arising during the current pandemic in a positive and helpful manner. Unfortunately, fraudsters across the globe are using it as an opportunity to prey on individuals and cause havoc where they can. In the UK, phishing emails purporting to be from Government departments are on the rise; fraudsters are also busy pretending to be all sorts of other organisations including the World Health Organisation (WHO), medical experts, banks or other financial organisations – even your own business.

Your employees should all be aware and on the look out for the various different types of phishing emails.

  • Deceptive Phishing is any attack where fraudsters impersonate a legitimate organisation and attempt to steal personal information or login credentials. HMRC scams offering tax rebates are an example of this.
  • Spear Phishing is when the attack email includes the victim’s name, position, company, work phone number or other information in an attempt to trick you into believing an action is being requested by a known connection.
  • CEO Fraud involves targeting an executive in an organisation and using their credentials to perform a CEO scam. An email, seemingly addressed from the CEO or other member of senior management, is falsely created by a scammer in order to exploit the trust of employees and lure them into sharing confidential information or even making business payments.

Why are risks heightened by remote working?

The UK’s National Cyber Security Centre (NCSA) and the USA’s Cybersecurity and Infrastructure Agency (CISA) have observed criminals scanning for known vulnerabilities in remote working tools and software – evidence that fraudsters are looking to take advantage of the increase in people working from home. This includes exploiting an increased use of video conferencing software. In this instance, phishing emails with attachments naming legitimate video conference providers aim to trick users into downloading malicious files.

Employees often use the same password for multiple services, including for accessing work systems such as CRM as well as ecommerce sites and social media. This presents a serious danger point for the business as once information has been stolen via some form of phishing activity, the data can then easily be sold to the highest bidder on the Dark Web. Companies do have some protection against this via dark web monitoring services which can scan for specific data such as names, numbers and email addresses and detect that a breach has occurred before any further damage is done.

Unfortunately, fraudsters will always be lurking behind closed doors attempting to take advantage of others, and finding new ways to trick the unsuspecting. What every business must do – particularly during uncertain times – is ensure that every member of staff is up-to-speed on how to protect themselves and what to look out for. Ongoing training is vital – no least because your workforce is your first line of defence. 

During these challenging weeks and months, the technology experts at Access Group are working hard to offer support and resources to help businesses. For more information on phishing, dark web monitoring and the other technology-related issues you are currently facing, please contact us. We would be delighted to help.