We all send emails daily. Yet an increasingly large number of emails are phishing emails. Phishing (pronounced “fishing”) emails are sent by criminals who want you to give them your personal details. The email will ask you to fill in a form or to click on a link and download code to your computer – this allows the criminals simply to gather information or, more seriously, to attack your IT system by implanting malware: software that will disrupt or destroy your data or tools, or install ransomware, which encrypts data that will only be released once the victim has paid a ransom. Cybercrime is sadly rife.
Over 90% of ransomware attacks start from someone opening a phishing email.
A phishing email often looks legitimate with accurate branding but the message usually contains a sense of urgency, encouraging the intended victim to act quickly without thinking, or it will contain an enticement to click on the link or attachment to secure a deal or to reveal an exclusive piece of information.
Most of us believe that we’re savvy enough not to open a phishing email, particularly when they are full of spelling mistakes or poor grammar. However, as we’re now better at spotting such emails, the criminals have become better at designing them. They may use a genuine-looking template or an email address that is just like an original – swapping a 0 for an o for example.
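An added example, not part of the original post: one way a mail filter could flag sender addresses that imitate a trusted domain through character swaps such as 0 for o. The trusted-domain list, the swap table and the sample From headers are constructed for illustration, and the one-edit check goes slightly beyond the single swap mentioned above.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the business genuinely corresponds with.
TRUSTED_DOMAINS = {"example.com", "examplebank.co.uk"}

# Assumed swap table: digits that imitate letters (0 for o, 1 for l, 5 for s).
DIGIT_SWAPS = str.maketrans("015", "ols")


def sender_domain(from_header):
    """Return the lower-cased domain of a From header value ('' if none)."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def skeleton(domain):
    """Collapse look-alike characters so imitations compare equal."""
    s = domain.lower().translate(DIGIT_SWAPS)
    return s.replace("rn", "m").replace("vv", "w")


def within_one_edit(a, b):
    """True if a and b are equal or differ by one added, dropped or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]


def classify(from_header):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    domain = sender_domain(from_header)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if within_one_edit(skeleton(domain), skeleton(trusted)):
            return ("lookalike", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("Supplier <accounts@example.com>",
                   "Supplier <accounts@examp1e.com>",
                   "Bank <alerts@examplebank.c0.uk>",
                   "News <news@unrelated.org>"):
        print(header, "->", classify(header))
```

A "lookalike" verdict is a prompt to quarantine or review the message rather than proof of fraud, since a legitimate domain can sit one character away from a trusted one.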
30% of recipients open an email within 4 minutes of receiving it. One third always click any attachments or links…
The 3 reasons why someone opens a phishing email:
- they are trying to be helpful
- they are busy or stressed and not thinking about phishing
- the phisher wrote a compelling email that sounds and looks genuine
These are all genuine reasons for opening an email or attachment, so you cannot blame an employee. Cybercrime: criminals will go to extreme lengths to gather information, and the Department for Digital, Culture, Media and Sport states that SMEs have a 1 in 2 chance of experiencing a cyber security breach (Cyber Security Breaches Survey 2017).
How to protect your business
Phishing has become one of the most talked-about threats in cyber security and businesses of all sizes need to protect themselves against it: you may wish to engage a cyber security expert to help. They will probably suggest a three-pronged approach: the very latest technology to detect phishing emails and prevent them ever reaching your staff (nothing will give you 100% protection, but you will prevent the majority of attacks); awareness training to teach your teams what to look out for; and a culture of openly reporting attacks, as you will face even worse trouble if a staff member clicks on a phishing link and doesn’t tell you about it, whether through fear or embarrassment.
No-one is infallible and it is inevitable that one day a phishing email will get through your defences – you are acting to minimise the chance of it happening and to secure as much of your data, finances and business property as possible. We blogged last year about Cybercrime and homeworking. Cybercrime has never been so common.
Glossary
- Phishing: a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.
- Spear phishing: attacks directed at specific individuals or companies, usually using information specific to the victim that has been gathered so the messages appear to be authentic, e.g. referencing named colleagues or executives, and/or using the victim’s name, location or other personal information.
- Malware: software which is specifically designed to disrupt, damage, or gain unauthorised access to a computer system.
- Ransomware: a type of malicious software designed to block access to a computer system until a sum of money is paid.
Cybercrime is not just phishing emails – beware.
Remember that the HB team is here to help: whilst we’re not security experts we understand the damage that a cyber attack can do to your business and its finances. If you would like to talk about how we can help you and your business, please feel free to contact the team on 01992 444466. We’re accountants for business and we’re here to help you survive and grow.
The information contained above is for general guidance purposes only. Whilst every effort has been made to ensure the contents are accurate, please note that each individual has different circumstances and it is essential that you seek appropriate professional advice before you act on any of the information contained herein. HB Accountants can accept no liability for any errors or omissions or for any person acting on or refraining from acting on the information provided above.