Protecting your Business from Email ‘Phishing’ Scams

Posted on Thursday, April 14, 2016

It is an unfortunate but inescapable fact of modern-day business that there is a huge variety of cyber-security threats that you must be both aware of and protected against. One such threat, which is almost ubiquitous and which you must know how to combat, is the so-called email ‘phishing’ scam.

‘Phishing’ is the practice of cyber-criminals sending individuals or companies emails that appear to come from a known and trusted sender, in the hope of inducing the recipient to divulge sensitive information like passwords, bank details and other personal data. The hackers and unsavoury elements who launch such ‘phishing’ scams often research organisations through social media or websites to make their emails more difficult to identify as fraudulent, and that makes these scams tricky to always avoid. Fortunately, however, there are a number of things you can do to protect your business from such attempted cyber-attacks.

Read and Check All Emails Carefully

As we have already touched upon above, the most sophisticated and tricky to combat ‘phishing’ scams do use prior research to make their emails seem as official and trustworthy as possible. Reading and checking all emails – even those from seemingly trustworthy sources – as carefully as possible can, however, still help you to sniff out those messages that may not be all that they seem.

Many ‘phishing’ emails, for instance, are automatically generated and as such will include phrases or grammar which don’t ring true or read naturally, or which simply include errors and mistakes that you wouldn’t expect. What’s more, these emails will likely often include Americanised words or turns of phrase, and this is a good indicator of a message which is not from whom it claims to be. As well as the actual content of the email, context is also a good indicator of a scam: if a message asking for specific information is unexpected or unusually timed, then that should immediately ring alarm bells.

Don’t Commit to Anything if you’re Unsure

If any of the above, or something besides, makes you uncertain about providing information or details via email – even to someone you think that you trust – then don’t do so. Instead, you should take whatever steps you need to positively ascertain that you are not being conned.

What that could mean is requesting that the sender of the email provide a phone number that you can call them on, or looking up the supposed sender’s number from your records and calling them yourself. If the supposed sender knows nothing of the email in question, or if they refuse to provide a number to call, then you were right to be suspicious of the message. In that circumstance, it is often best to forward the scam email to your bank or to a relevant authority so that it can be investigated.

Ensure that your Security Practices are Tip-Top

The above are great ways to stop yourself and your company from falling prey to email ‘phishing’ scams, but even if you are fooled by such an email, you can still protect yourself by keeping your security practices as efficient and up to date as they need to be.

Anti-virus and anti-spam software, for instance, can be just as effective at guarding against ‘phishing’ as it can against other potential cyber-security incursions. What’s more, it is also sensible to put in place other safeguards, such as requiring business payments to be authorised by more than one individual, which can mitigate the damage caused in the unlikely event that payment details are stolen via a ‘phishing’ scam.

Follow all of this advice, therefore, and you should be well equipped to combat the threat of these potentially dangerous ‘phishing’ scams. The Mustard IT blog is full of similar handy hints and tips, and if you need more in-depth IT assistance you can get in touch with our professional advisors directly.