Phishing attacks – don’t take the bait
2nd September 2017 | Modified: 19th December 2022
Phishing attacks by cyber criminals are becoming much more difficult to spot and many people are still being duped into taking the bait.
Phishing is a common form of cyber-attack where fraudulent emails or fake websites are used to steal personal data and money from people.
While Microsoft now offers tools to guard against such threats, there’s no alternative to ensuring your employees behave responsibly by treating all unsolicited emails with caution.
Gary Jowett from CNC in Brighton says: “There are some basic rules staff should follow to reduce the threat of phishing. They should always be wary of emails asking for confidential information because banks and other legitimate organisations don’t normally ask for such information via email. And they should not be scared by threats that your account will be disabled or services disrupted unless you update certain information immediately. This type of message is a scam.”
Not always random
While many attacks are totally random and easily spotted, others suggest that the criminals know enough about you to send an email claiming to be from an organisation you deal with.
They may do this at a certain time of year when you’re expecting to communicate with an organisation you’re familiar with. How do they do this? They could have got hold of marketing data which connects you to these organisations. Or, they may have looked at your Facebook, Twitter or LinkedIn accounts and seen you refer to a certain organisation. In fact, there are many ways criminals can find out how to break into your personal world.
Phishing attacks are more likely to be from a foreign country where the sender cannot be easily tracked down and arrested. So, one indication can be poor spelling and bad grammar because the sender may have used a translation tool to send the email in English.
Gary says: “Employees should never submit confidential information via forms embedded in email messages and never try links in such emails. If it’s claiming to be from your bank, it’s best to be completely sure by calling them direct or using their secure online services instead to see if they really have contacted you.”
Advanced Threat Protection
An additional safeguard to consider is Advanced Threat Protection from Microsoft for Office 365 users. ATP examines emails and links and sets them aside in a so-called “sandbox detonation chamber” so that attachments and links can be safely removed without harming your IT system. Or, they can be further scrutinised before being sent on to the intended recipient.
ATP can be easily added on to a wide range of Office 365 subscription plans including Office 365 Business Essentials, Business Premium and Enterprise plans E1 to E4. For more advice and guidance speak to an independent IT consultant.
Gary says: “ATP is good to have but no amount of armour can protect against every threat posed from phishing and other cyber-attacks. So, don’t be lulled into a false sense of security. The first principle should always be to make sure your staff and managers are following basic safety rules – just as they have to when operating vehicles and other machinery or travelling on business.”