The National Cyber Security Centre (NCSC) in the UK has highlighted phishing as the most prevalent threat to businesses, constituting 83% of cyber-attacks, as per their 2022 study.
Unlike more intricate methods of attack, phishing typically employs a direct approach: it lands in your inbox and relies on you clicking without reading carefully. The statistic from NCSC underscores how sometimes the simplest threats can be the most effective.
However, despite this significant risk, the NCSC also notes that fewer than one in three organisations provide training to their staff on how to remain secure or conduct simulated phishing exercises. Understanding the nuances of phishing significantly reduces susceptibility. Here are our top tips for surviving a phishing attempt:
Verify the Sender's Identity
Always scrutinise the sender’s email address. Exercise caution with addresses that seem dubious or contain misspelt domain names.
Be wary of emails from unfamiliar or unexpected sources, particularly if they solicit sensitive information.
Do Not Trust Unsolicited Emails
Approach unsolicited emails that request link clicks, attachment downloads, or personal/financial information with scepticism.
Confirm the authenticity of the sender or organisation through their official website or contact details.
Check for Generic Greetings
Phishing emails often resort to generic salutations like “Dear Customer” or “Dear User” instead of addressing recipients by name. Legitimate organisations typically use your name.
Hover Over Links
Prior to clicking any links in an email, hover your mouse cursor over them to reveal the actual URL they direct to. Ensure it matches the official website of the purported organisation.
Refrain from Sharing Personal Information
Avoid disclosing sensitive details such as Social Security numbers, credit card information, passwords, or account credentials via email. Reputable entities do not request such data through email.
Enable Two-Factor Authentication (2FA)
When feasible, activate 2FA for your email and online accounts. This adds an additional security layer by necessitating a secondary form of verification besides your password.
Utilise Anti-Phishing Tools
Numerous email providers and security software offer anti-phishing tools that aid in identifying and filtering out phishing emails.
Authenticate Requests for Money or Gift Cards
Exercise caution with emails requesting money transfers or gift card purchases, particularly from unfamiliar or unanticipated sources.
Educate Yourself and Others
Stay abreast of prevalent phishing strategies and trends. Regularly educate yourself, as well as your family or colleagues, on recognising phishing attempts and associated risks.
Report Suspicious Emails
Upon receiving a phishing email, promptly report it to your email service provider or relevant authorities. This proactive measure helps prevent others from succumbing to the same scam.
Keep Software Updated
Ensure your operating system, email client, and antivirus software are updated with the latest security patches.
Opt for a Reputable Email Service
Consider using a trusted email service equipped with built-in phishing detection and filtering capabilities.
Remember that phishing tactics continually evolve, with attackers becoming more sophisticated. Maintaining vigilance and caution when interacting with emails remains your primary defence against falling prey to phishing scams.