The number of phishing attacks against businesses and consumers has increased in recent years.
This aggressive form of data theft and fraud can be financially disastrous, and it is vital that you and your customers are properly protected. That is especially true now that even 'fail-safe' organisations like HMRC are falling victim to phishing attacks (read our guide to spotting a fake HMRC email whilst you're here). So how can you safeguard yourself against phishing?
‘Phishing’ describes an attempt on the part of criminals to discover and record your personal information. This might include passwords to sites you use regularly, your credit card details, or other such sensitive data.
Phishing generally works by sending emails or other communications that purport to be from a reputable site or institution such as a bank or email provider. Phishing attacks have become increasingly sophisticated, and these communications can be very convincing.
You will then generally be asked to click on a link, which will take you to a page that asks for your details. Alternatively, the link or an attachment might contain ‘malware’, designed to infect your computer and, for example, track your keystrokes in order to gather private data.
Although phishing has existed since at least the mid-1980s, increased email use, along with the proliferation of social media platforms such as Facebook, has meant that both businesses and consumers are at greater risk of attack.
There is a common misconception that it is only consumers who are at risk of phishing attacks. In fact, these intrusions affect both individuals and businesses, and it is increasingly important that firms of every size protect themselves.
First, it is vital that you install reputable antivirus and anti-malware software. While spam filters and malware warnings are built into some email providers, such as Gmail, you may not have these installed as standard. Installing this software should be a key part of your overall digital security plan.
But how can you identify phishing attacks that do make it into your inbox?
And what should you do if you receive a suspect email?
Businesses also need to be alert to the risk of phishing attacks being made in their name. As your business grows this risk increases, and you need to build a strategy to deal with this possibility.
You should already have a clear plan in place for social media crisis management. This plan should include details of the social communications that you will issue in the event of a phishing attack. Remember that social channels are likely to be the first means by which you learn of a phishing attack, as customers may query suspicious emails with you using platforms like Twitter or Facebook.
If a phishing attack has been made in your name, prompt action is important. You should issue communications across all available channels making clear that the email is not genuine, that it has not come from you, and that recipients should not click on any of its links or download its attachments.
You should also consider setting up a dedicated email address to which customers can forward suspect emails. This will help you to quickly identify potential phishing attacks, and will enable you to reassure customers as to whether or not a message they have received is genuine.
Finally, you should consider publishing a list of all the email addresses or domains from which you will send emails. By listing these on your website you can provide a simple guide for recipients who have received an email purporting to be from you, but which comes from an unrecognised email address.
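As an added illustration (not code from the original article), the sketch below shows how messages arriving at a dedicated reporting address could be triaged against a published sender list. The brand name, the `example.co.uk` addresses and the sample messages are constructed placeholders, and it assumes the reported message's original headers are available, for example because it was forwarded as an attachment.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed published sender list (constructed placeholder values).
PUBLISHED_ADDRESSES = {"billing@example.co.uk"}
PUBLISHED_DOMAINS = {"example.co.uk", "mail.example.co.uk"}
BRAND_WORDS = ("example",)  # words a spoofed display name or domain would borrow

# Constructed sample reports, header block plus a one-line body.
SAMPLES = {
    "listed": "From: Example Billing <billing@example.co.uk>\nSubject: Invoice\n\nHi",
    "lookalike": "From: Example Billing <billing@examp1e-secure.test>\nSubject: Act now\n\nHi",
    "suffix": "From: Accounts <accounts@example.co.uk.billing.test>\nSubject: Refund\n\nHi",
    "unrelated": "From: Newsletter <news@other.test>\nSubject: Offers\n\nHi",
    "no_from": "Subject: Urgent\n\nHi",
}


def triage(raw_message: str) -> str:
    """Classify a reported message by its From header against the published list."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    if "@" not in address:
        return "suspect: no usable From address"
    domain = address.rsplit("@", 1)[1].rstrip(".")
    # Exact matches only, so "example.co.uk.billing.test" does not pass.
    if address in PUBLISHED_ADDRESSES or domain in PUBLISHED_DOMAINS:
        # The From header can be forged, so a match is not proof of authenticity.
        return "listed sender: check further before confirming as genuine"
    if any(w in display.lower() or w in domain for w in BRAND_WORDS):
        return "suspect: uses our name but is not on the published list"
    return "not ours: sender is unrelated to the published list"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {triage(raw)}")
```

A message that fails the list check can be reported to customers as not genuine straight away; one that passes still needs a closer look before you reassure anyone.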
© Copyright 2020 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.