The Business Owners’ Complete Guide to Phishing

You have probably heard the term “phishing”, but not many people know exactly what it is or how to avoid it. We want to help keep your business safe from phishing attacks. In this blog, we will explore the signs to look out for to keep your business protected.

What is phishing?

The term phishing originated due to its similarities to fishing. Cybercriminals will set up bait for innocent victims to “bite” into, much like a fish to the worm. In virtual terms, the bait is set up in the form of an email. When the innocent victim takes the bait, the attack will begin. This can result in devices and networks becoming infected with programs containing viruses (malware).
Alternatively, people are persuaded to give away their login details. As you can imagine, this also leads to serious consequences: not only data theft but also financial theft can occur when login details are handed over. Phishing is a nasty business and can cause a great deal of stress and anxiety. Aside from the emotional toll it takes on victims, fixing the damage can be costly. Phishing doesn’t only come in the form of an email; as technology develops, so do the tactics.

How much of a problem is phishing?

Here are some statistics which show how much of a problem phishing really is!

  1. In 2020, 28% of organisations experienced phishing attacks. In 2021, 83% experienced phishing attacks. It’s scary to see how quickly this issue has increased.
  2. Around 90% of data breaches occur because of phishing.
  3. 47% of phishing attacks lead to ransomware, where your data is encrypted and held hostage until you pay a ransom fee.
  4. A third of phishing emails that are opened and read resulted in 52% compromising login details.


We also have a magazine version if you would rather not just read online.

But how do cybercriminals trick people?

A phishing email will look as though its sender is genuinely legitimate. This is the first step to getting you to open the email message. For example, the email may look as though it has been sent from a well-known company like Amazon or PayPal. Other times, the cybercriminal will have already collected certain pieces of information about you, such as any online subscriptions, and will use this information to make the email seem relevant and relatable, only to fool you.

As they say, first impressions count, and when the sender appears to be a genuine, well-known company, you are likely to believe the contents of the email. These emails will often state that there is an urgent request for you to act.

Urgent request to take action:

You may be asked to open a file that has been attached, or asked to confirm a recent purchase. In doing so, your device may become infected with malware. If that particular device is linked to a network, the malware can spread.

Another example is to ask you to click a link that will take you to a fake webpage (known as a spoof web page) imitating a service you use (they may have this idea from the information they have gathered about you). When you attempt to log in as normal, what you are actually doing is giving your login details to the criminals.

More forms of email phishing

  • Spear phishing: Sent to specific people the cybercriminals have information on.
  • Man in the Middle attack: A cybercriminal jumps into the middle of an existing email thread and takes over the other side of the conversation. (You can even watch our ethical hacker tutorial, which shows in real time how easily it could happen to your business.)
  • Clone phishing: A copy of an email you’ve already received. The difference is that it includes another message, such as ‘resending this…’, along with a malware link for you to click.
  • Whaling: Specifically pursuing people in executive positions, who mostly have access to sensitive areas of the business network.

What other ways can a phishing attack take place?

Pop-up phishing: A pop-up will appear on your screen, which may ask you to download a file because, it claims, there is a problem with your device’s security.

Vishing: This time, the attack is done over the phone. A “representative” from a company you know will call you and ask you to act. For example, they may ask for remote access to your device, or ask you to visit a website.

Spoofing: It looks real, but it’s not. A fake website made to look like the real thing will ask you to log in. Once you have attempted to log in, you have given away your credentials.

Knowledge is power; therefore, all staff should have regular cyber security awareness training. This will help employees during work hours but also outside of work in daily life.
Here are a few warning signs you and your staff should look out for:

  • Misspelled words, websites, or email addresses
  • Oddly named attachments
  • Who the email is addressed to
  • Poor grammar and punctuation
  • An unusual layout to the email
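
As an added example (not part of the original guide), the Python script below checks one email for three of the warning signs above: a misspelled sender address, an oddly named attachment, and who the email is addressed to. The brand-to-domain list, the double-extension rule, the greeting pattern and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: brands your business really deals with, mapped to their genuine domains.
KNOWN_BRANDS = {"amazon": "amazon.co.uk", "paypal": "paypal.com"}
DOUBLE_EXTENSION = re.compile(r"\.\w{2,4}\.(exe|scr|js|vbs|bat|cmd)$", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear (customer|user|client|account holder)", re.I | re.M)

def edit_distance(a, b):  # Levenshtein: single-character edits needed to turn a into b
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def warning_signs(raw_message):
    """Return the warning signs found in one raw email (RFC 5322 text)."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    signs = []
    for brand, real in KNOWN_BRANDS.items():
        trusted = domain == real or domain.endswith("." + real)
        if brand in display.lower() and not trusted:
            signs.append(f"sender name says {brand} but address is @{domain}")
        if not trusted and edit_distance(domain, real) <= 2:
            signs.append(f"misspelled address: {domain} imitates {real}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if DOUBLE_EXTENSION.search(name):
            signs.append(f"oddly named attachment: {name}")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and GENERIC_GREETING.search(body.get_content()):
        signs.append("addressed to a generic recipient, not a named person")
    return signs

def constructed_sample():  # made-up suspicious message, not a real email
    m = EmailMessage()
    m["From"] = "PayPal Support <service@paypa1.com>"
    m["Subject"] = "Urgent: confirm your recent purchase"
    m.set_content("Dear Customer,\nPlease open the attached file today.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="Invoice.pdf.exe")
    return m.as_string()
```

Calling `warning_signs(constructed_sample())` returns four findings, while a message from the genuine domain addressed to a named person returns an empty list.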

Please do take a look at our full version PDF that will provide you with more information on how you can keep yourself safe and protected from phishing. 

If you want more information, or you need our help with protecting your business, please do get in touch.
