Centralising your business communications through online services is the most effective way to keep your business running efficiently in and out of the office.
However, with new securities, efficiencies and collaborative tools come new ways for criminals to gain access to your data.
Email phishing has seen a sharp increase in recent years. CSO noted that research conducted by Symantec estimates “every 3,722 emails in the UK is a phishing attempt”.
With around half of all cyberattacks in the UK involving email phishing in some instances, it is imperative that businesses do more to educate their employees about the potential dangers of phishing and spearfishing.
The Attack
Email phishing is a form of online scam that aims to gain sensitive information or plant malicious software onto your device by impersonating the identity of another business via email.
Phishing emails can look extremely convincing, even adopting the format, branding and language of the impersonated business’ emails.
Phishing emails are typically created to impersonate large businesses with a varied audience in the millions, such as Amazon or Paypal, and sent en masse at random.
The intent here is to create an email common enough that it will likely apply to many people within the group, i.e. “there’s an update on your purchase…” or “you have received a payment…”. As this message would be somewhat familiar to many users of this service, it wouldn’t necessarily seem suspicious.
Spear phishing, whilst similar in form, varies in its audience. Spear phishing attempts to target specific individuals. These individuals can be targeted for their personal information or used to gain sensitive information about the business for whom they work.
Criminals often collect detailed profiles about the individual via social media, in order to sound as convincing as possible.
As more and more businesses adopt new hybrid models of working - particularly since the COVID-19 pandemic, which has resulted in many employees remaining partly or entirely at home - these attacks have become a more frequent threat for businesses.
Keeping Safe
Whilst both of these cyber attacks can cause real damage to a business, they can be prevented.
Ultimately, knowledge is key, and the better your teams can identify phishing emails before they become a problem, the safer your business will remain.
You may want to consider a Phishing Email Assessment:
The assessment is a great simulation of what to do once the phishing emails reach your inbox, but what more can you do?
Phishing emails are not without their digital telling cards - ultimately, links within emails will lead to a harmful site or download. By blocking malicious DNS connections you can help further protect those employees who may miss the signs:
Concorde Technology is Here to Help
For more information regarding cybersecurity and how Concorde Technology can support you and your business, contact a member of our expert team today on 03331 300600 or email us at enquiries@tctg.co.uk
Concorde Technology Group provides world-class technology services, including Technology Solutions, Cloud Solutions, Communications and Cyber Security.