It is very likely that you will have received a phishing attempt or spam email in the last 24 hours. Thankfully, most of them are dealt with by the spam filters and security scanners that we have on our devices and accounts. However, spam emails are something we still see every day, and those behind them are adapting them to make them harder to spot.
BDO, a business consultant and tax auditor, reported that six out of ten mid-sized businesses in the UK were victims of fraud in 2020. The average loss from these attacks was £245,000.
So, how are businesses targeted?
More often than not, when you are targeted by a phishing attack, it is part of a coordinated cyber-attack with the goal of extracting your personal information. A trend that is currently being seen is the use of LinkedIn to scam businesses: the fraudsters will target those who list themselves on LinkedIn as working for the target company or as having connections to it.
The fraudsters are able to engage with victims using spam bots. They will send a phishing email to those identified on LinkedIn as connections or employees, and use the information they’ve gleaned to form a convincing email.
The email aims to gain the victim’s trust and lure them into giving valuable information or transferring money. Over the last few years, there have been examples of this with the Royal Mail chatbot scam, DHL Express, and Facebook Messenger.
Action Fraud produced the below video to demonstrate how easy it is for cybercriminals to find out information about you, using what you have shared online. How would you fancy ordering a coffee and having your maiden name, bank details and address written on your coffee cup?
How do I protect myself and my business?
There are some simple steps that you can take to reduce the risk of being targeted by one of these fraudsters. These include:
Double check the sender’s details - if you don’t recognise them, DO NOT REPLY!
Double check the email subject: were you expecting this email?
Consider every piece of information that you share online; the less you share, the better!
If you are contacted by someone suspicious claiming to be a contact you know, use another means to contact that person rather than responding to the email/phone call.
Install security software such as antivirus programs and spam filters to stop employees from accessing malicious websites.
Ensure that all software is updated with the latest security patches and updates.
Enforce password policies that ensure all passwords meet a minimum length and include numbers and special characters to add complexity.
Use two-factor authentication to remain in control of your accounts even if hackers compromise your accounts and systems.
Train your employees to make sure they know how to spot the signs of suspicious emails and other cyber-attacks. Training should be regular and not a one-off occurrence to keep the HR department happy.
Start protecting your business today with The Cyber Resilience Centre for the South East
We exist to help you reduce your business’s cyber-related risk and to increase your cyber resilience. We do this by developing your knowledge in key areas so that you can implement basic methods of cyber hygiene.
If you leave your windows and doors open at night, your risk of burglary is significantly increased. Leaving your website unprotected or not doing regular software updates carries the same level of risk, as these are your digital entry points rather than physical ones.
To help you guard your business from cyber-attacks in the way you would protect your premises against fire and flood, we offer a free membership package. This is not a membership package that puts heavy demand on you. Instead, it gives you access to regular, simple, easy-to-follow guidance, tools, and resources, as well as the opportunity to have a jargon-free 1:1 conversation to help you understand your business’s current cyber-related risks.