Phishing Attacks

What is a phishing attack? What should I do if I think I have received a phishing attack? Questions answered here!

What is a phishing attack?

These are large-scale information-gathering attacks carried out by fraudsters. Emails, texts or social posts sent out by fraudsters may contain a link that takes you to a fake website. The message will be presented in a way that makes you think it comes from a trusted source (such as your bank or your telephone company). If a link takes you to a website, you could be asked to input personal information such as passwords and card details.

These attacks can often target company staff in the hope of tricking them into making mistakes. It is therefore important to stay vigilant and spot the ‘tell-tale’ signs of an attack. These attacks can become more and more targeted as the fraudster gathers more information on the business.

What should I do if I think I have received a phishing attack?

This is the mantra to help you avoid becoming the ‘vulnerability’ that causes a cyber security issue in your company… Stop. Question. Verify.

STOP – We have gotten so used to responding to texts quickly, immediately clicking on ‘pop-ups’ and following links without thinking. This speedy and trusting digital behaviour is what the fraudster depends on to breach a business. You must STOP, even just for a second, to allow your senses a chance to kick in. If you have any doubts or suspicions, you need to check them out. But you will only get a chance to do that if you STOP and pause before responding, following or clicking. Give yourself time to realise that something isn’t quite right with an email you’ve just read, or the text you just received, or the social media post you were about to click on… you get the idea!

QUESTION – “Why is this person applying pressure for action late on a Friday?”, “Hang on, that’s not how Rachael spells her name?”, “That’s not the text number the bank normally uses?”, “Fred doesn’t normally post stuff like that on LinkedIn?”. In most scenarios, there will be something that should trigger some doubt in your mind. These things may be as subtle as the request being slightly out of character.

VERIFY – If there is any doubt, find an appropriate way to verify the request without interacting with it. You should check the origins of a request and do it by a different route (for example, if you receive a text from the bank, use your desk phone to call the bank using the number on the back of your card, or if you get an email from your managing director demanding that you make an urgent payment, call them to confirm it is valid).

At all times you should think to STOP. QUESTION. VERIFY.
