The more organisations understand about how to prevent data phishing the better; after all, 4 in 10 businesses (39%) and more than a quarter of charities (26%) report having suffered cyber security breaches or attacks in the last 12 months according to a recent government survey.

Indeed, when we add up the cost of cyber-crime to UK businesses (which, astoundingly, reached £87 billion in 2015-20) and consider the increase in phishing attacks seen throughout the COVID-19 pandemic (as if businesses didn’t have it tough enough during this time!), it’s clear that the phishing threat isn’t going away any time soon. Therefore, business leaders should act accordingly to protect their assets, brand reputation, and data.

Phishing explained

Phishing is a hacking technique where ‘bait’ – often in the form of an ‘urgent’ request for information from a seemingly trustworthy source – is emailed or texted to users.

It involves tricking the user into clicking on false links that redirect to a fraudulent, yet convincing-looking, website. The fake site captures any personal data you enter, which the hacker can then use to log into your actual account.

By and large, phishing emails are mass-sent to thousands of recipients at random, in the hope that at least one or two people will fall for the trick (maybe they’re busy and distracted at work, for example, a very good reason to refresh phishing awareness training regularly!).

A similar, yet more targeted, scam known as ‘spear phishing’ is slightly more artful. Spear phishing is designed to target a specific individual, often inside a particular organisation that hackers have chosen to infiltrate, and it often involves differing levels of social engineering to craft targeted attacks.

Phishing and social media

Phishing might also occur across social media channels, and this isn’t something businesses should overlook. After all, many members of staff use personal social media accounts during their break time or on their phone at work, and most organisations have professional social media accounts set up to share company updates.

Hacked accounts on social media might share links via a status update or private message – a method of phishing that’s highly effective since users are more likely to trust links sent from people they know.

Another common phishing tactic on social media is fraudulent customer-service representatives or ‘help desks’ asking users to verify their identity, or claiming users’ accounts are under attack and must be reset in some way. Of course, this always involves users sharing their login information with the fraudster.

In both these cases, people who reuse social media passwords for things like email accounts, work PCs, and online banking could find themselves in serious trouble if they fall for the con.

Data Phishing Prevention

Whatever platform hackers use, phishing messages usually incite curiosity or panic to bait vulnerable users. You can educate employees to avoid these sorts of phishing panic-attacks by offering regular cyber-security awareness training (including social media awareness training) designed to keep users alert and always wary of the messages they receive.

Using a phishing simulator tool can also test how effective your cyber-security training is by putting employees to the test with regular phishing simulation emails.

Designed to keep awareness levels high and offer additional phishing training to those who need it (i.e., those who don’t pass the test), phishing simulators can boost your organisation’s information security program and allow security professionals to monitor vulnerabilities.

Online safety is something we’re constantly telling kids about – don’t speak to people you don’t know, don’t open any dodgy-looking emails, and don’t give out personal details. This is all well and good, but online scammers are still finding victims to get money out of every day.

Whilst the younger generation are growing up with internet security being drilled into them to create a tech-savvy attitude, the older generations seem to have been forgotten, and because of this they become the ones that are more regularly the victims of online crime.

Anyone can be a victim of online crime, with it being estimated that around £10 billion is lost every year in the UK alone because of cyber scams. Age UK reported that 43% of older people believe they have been a target for scammers.

The very fact that older people are more likely to live alone is a point that fraudsters look out for because it is a potentially lonely and vulnerable victim that they can take advantage of.

Scams can come through a number of sources: face-to-face doorstep conversations, over the phone, through the post, and on the internet – so now more than ever we need to know how to protect ourselves.

Angela Ramsay is a perfect example of how fraudsters targeted someone out of touch with technology and unaware of scamming techniques.

“I was a 57-year-old lady living alone and was very happy in my new home. I loved my job and was financially secure after being left some money in a will from a lifelong friend. I had a lovely new man in my life, all was perfect. Then I was scammed.”

What happened

Angela was called at work from a number claiming to be Nationwide’s fraud team. When she checked the number that had rung, it matched up with a number listed online as Nationwide, so she thought everything was fine.

When they rang her back later on, they told her someone was attacking her account in the West Midlands. When she questioned their legitimacy, they reassured her that they were the number listed on the back of her bank card. She then got an email which began the process of them taking her money. They told her they were moving it to safe accounts.

The next morning, she rang the number that had called her, which put her through to Nationwide, because she wanted to check everything was okay. They didn’t know what she was talking about.

“I broke down and screamed. I didn’t know what to do. I was feeling sick, a fool, ashamed and very depressed.”

After 3 months of persistent phone calls and questions, Angela managed to retrieve £53,000, leaving scammers with £14,000.

“I know I was very lucky to get that back, but I had to fight for it.”

Improving education on scamming

Angela admitted that she knew nothing about scammers and the techniques they used, and this is where the problem lies.

Education around scamming and online fraud needs improving, because although there is plenty of material online, not everyone has internet access, and as a result, it tends to be those people that are the easiest targets.

Increasing the production of physical material in branches to educate people on scams means that more people can be aware of the warning signs and stop things like this happening.

What are the warning signs?

It can be hard to spot a scam, but following these steps could prevent you becoming the next victim of this modern crime.

Is it out of the blue?

If a company calls you randomly, make sure you verify who you are talking to before giving them any information. Ask them to give you details that only that company would know. If you’re not convinced, then hang up and call the company directly. It is always better to be overcautious.

Too good to be true?

This is very simple: if it sounds too good to be true, it probably is.

Personal details

Phone scammers work by getting personal information from you. No matter how small the detail is, it could be exactly what they need to steal your identity and go on to steal your money. Never share personal details with someone that can’t verify who they are.

Feeling hurried?

If a company is putting a time pressure on you to make a decision, that is when alarm bells need to be ringing. Anyone that tries to rush you should not be trusted.

Being the victim of a scam has a massive effect on your life, financially and emotionally. Following these simple steps and improving the education around scamming can stop people becoming victims of these cyber criminals.

This article is written by guest author India Wentworth.