Simply Business - Insurance for your business

Protect your business from phishing with these quick steps

Josh Hall

1 July 2014

The number of phishing attacks against businesses and consumers has increased in recent years.

This aggressive form of data theft and fraud can be financially disastrous, and it is vital that you and your customers are properly protected, especially now that even 'fail-safe' organisations like HMRC are falling victim to phishing attacks (read our guide to spotting a fake HMRC email whilst you're here). So how can you safeguard yourself against phishing?

What is phishing?

‘Phishing’ describes an attempt on the part of criminals to discover and record your personal information. This might include passwords to sites you use regularly, your credit card details, or other such sensitive data.

Phishing generally works by sending emails or other communications that purport to be from a reputable site or institution such as a bank or email provider. Phishing attacks have become increasingly sophisticated, and these communications can be very convincing.

You will then generally be asked to click on a link, which will take you to a page that asks for your details. Alternatively, the link or an attachment might contain ‘malware’, designed to infect your computer and, for example, track your keystrokes in order to gather private data.

Although phishing has existed since at least the mid-1980s, increased email use along with the proliferation of social media platforms such as Facebook has meant that both businesses and consumers are at increased risk from attack.

How can businesses protect themselves against phishing attacks?

There is a common misconception that it is only consumers who are at risk of phishing attacks. In fact, these intrusions affect both individuals and businesses, and it is increasingly important that firms of every size protect themselves.

First, it is vital that you install reputable antivirus and anti-malware software. While spam filters and malware warnings are built into some email providers, such as Gmail, you may not have these installed as standard. This should be a key part of your overall digital security plan.

But how can you identify phishing attacks that do make it into your inbox?

  • Messages will often contain phrases like ‘reset your password’ or ‘verify your account’, and you will then be asked to enter your details ostensibly in order to regain access.
  • Attacks will often suggest that an account has been suspended, or that you need to give further details in order for your account to remain open.
  • Links in emails will often not be what they appear to be. By hovering your cursor over a link you can see whether its real address matches the one shown. You should be wary of links that point somewhere completely different from the company named in the email, or that misspell the name of the site from which the email has apparently been sent.
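
The three checks in the list above can also be run automatically over the HTML body of a message. The following is an added example, not part of the original article: the sample message, both domain names, the 0.8 similarity cut-off and the function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse
THRESHOLD = 0.8  # assumed cut-off for "resembles" the expected domain
# Wording the article lists as typical of phishing messages.
PHRASES = ("reset your password", "verify your account", "suspended")
# Constructed sample body; both domains are made up for this example.
SAMPLE = ('<p>Your account has been suspended. Please verify your account:</p>'
          '<a href="http://examp1e-bank.test/login">https://www.example-bank.test/login</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):
    """Lower-cased hostname of a URL or bare domain, minus 'www.'; '' if none."""
    if not re.match(r"[a-z][a-z0-9+.-]*://", value, re.I):
        value = "//" + value
    name = (urlparse(value).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def check_email(html, expected_domain):
    """Return findings for one HTML body claiming to come from expected_domain."""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    findings = [f"phrase: {p}" for p in PHRASES if p in text]
    parser = LinkCollector()
    parser.feed(html)
    for href, shown in parser.links:
        target = host(href)
        # Only compare when the visible text itself looks like an address.
        shown_host = host(shown) if re.fullmatch(r"\S+\.\S+", shown) else ""
        if shown_host and shown_host != target:
            findings.append(f"mismatch: shows {shown_host}, goes to {target}")
        same = target == expected_domain or target.endswith("." + expected_domain)
        if not same and SequenceMatcher(None, target, expected_domain).ratio() >= THRESHOLD:
            findings.append(f"lookalike: {target} resembles {expected_domain}")
    return findings
```

Calling `check_email(SAMPLE, "example-bank.test")` returns four findings: two phrase matches, one link mismatch and one lookalike domain. An empty list means none of these checks fired, not that the message is genuine.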

And what should you do if you receive a suspect email?

  • Do not click on any of the links contained in the message.
  • Do not open any attachments.
  • Forward the message to the site from which it purports to have been sent in order to have it validated.

What if a phishing attack is made in my name?

Businesses also need to be alert to the risk of phishing attacks being made in their name. As your business grows this risk increases, and you need to build a strategy to deal with this possibility.

You should already have a clear plan in place for social media crisis management. This plan should include details of the social communications that you will issue in the event of a phishing attack. You should remember that social channels are likely to be the first means by which you learn of a phishing attack, as customers may query suspicious emails with you, using platforms like Twitter or Facebook.

If a phishing attack has been made in your name, prompt action is important. You should issue communications across all available channels making clear that the email is not genuine, that it has not come from you, and that recipients should not click on any of its links or download its attachments.

You should also consider setting up a dedicated email address to which customers can forward suspect emails. This will help you to quickly identify potential phishing attacks, and will enable you to reassure customers as to whether or not a message they have received is genuine.

Finally, you should consider publishing a list of all the email addresses or domains from which you will send emails. By listing these on your website you can provide a simple guide for recipients who have received an email purporting to be from you, but which comes from an unrecognised email address.
