Sovision IT - Award Winning Bristol IT Company | IT Support Bristol | Software Development Bristol

Would you know what to do if you’ve been hit by a phishing scam?

Phishing scams have risen during lockdown, as our Bristol cyber security experts have mentioned in previous blog posts.

In the first two months of lockdown, it has been estimated that Britons have been conned out of £3.5 million.

Cyber criminals are cashing in on the uncertainty that the pandemic has caused. By the beginning of May, the UK’s cybercrime agency had uncovered 7,796 phishing emails linked to COVID-19.

A survey by our partner Barracuda Networks has discovered that 46% of organisations across the UK, US, France and Germany have suffered at least one ‘cyber security scare’ since lockdown began.

Most obviously, this is due to remote working: employees are reliant on the internet for sharing documents, and therefore become more vulnerable to criminals.

How can you tell a phishing email? Is it always obvious?

A team member at one of our clients recently received a WeTransfer document, which said it was an invoice.

The client uses WeTransfer regularly, so it was not unusual to get such an email. However, although the company contacting them was known to them, they had done no business with it. It all appeared a little ‘odd’.

Thankfully, the team member didn’t open the email. She flagged it to her line manager, who emailed the sender separately to ask if the WeTransfer document had been sent by them, and then contacted our Bristol cyber security team.

We saw immediately that it was dodgy and praised them for taking immediate action. We then checked all of their systems to ensure that no virus had attacked them or was ‘lying in wait’ to attack them.

The client later received an email from that company to say they had been the victim of a phishing scam using WeTransfer. It was a lucky escape, and very embarrassing for the sender, who had to take immediate action to protect their clients and contacts.

What to do if you suspect a phishing email?

Check that the email sender is actually who the email claims to be. Often the email address has no link at all to the company it purports to be from.
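The sender check described above can be partly automated. The following is an added example, not code from the original post; it goes slightly beyond the text by also comparing the Reply-To and Return-Path domains and reading the Authentication-Results header that a receiving mail server adds. The `KNOWN_BRANDS` mapping, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Assumption: brands you expect, mapped to the domains they really send from.
KNOWN_BRANDS = {"wetransfer": {"wetransfer.com"}}

# Constructed sample message (not a real email).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=files-share.example
From: "WeTransfer" <noreply@files-share.example>
Reply-To: accounts@collect.example.org
To: staff@recipient.example
Subject: Invoice sent via WeTransfer

You have received a file.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def matches(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw):
    """Return a list of warnings about who really sent the message."""
    msg = message_from_string(raw, policy=default)
    findings = []
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    for brand, domains in KNOWN_BRANDS.items():  # name says X, address says Y
        if brand in display.lower() and not matches(from_dom, domains):
            findings.append(f"display name claims {brand} but address is @{from_dom}")
    for header in ("Reply-To", "Return-Path"):  # replies or bounces go elsewhere
        dom = domain_of(msg.get(header))
        if dom and not matches(dom, {from_dom}):
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):  # verdicts recorded by the receiving server
        if f"{mech}=fail" in auth:
            findings.append(f"{mech} check failed")
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print("WARNING:", finding)
```

Only trust an Authentication-Results header written by your own receiving mail server; a sender can include a forged one in the message.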

If it isn’t a company you usually deal with, or you are not expecting any contact and it feels ‘odd’ or ‘wrong’, contact your IT support provider and, in a separate email, contact the company to question the contact. Ask if they could have been hacked. The earlier you act, the better for all concerned.

What to do if you fell for a phishing scam?

  • Work immediately with your cyber security provider to safeguard your systems and take their advice on what to do next. If they cannot provide this kind of service, are they the right provider for you in a crisis?
  • Send out an email to all of your clients apologising, and making them aware of the breach in email security.
  • Ensure that you put all of the clients’ email addresses in the BCC rather than the TO box – using the TO box by mistake can happen when in panic mode.
  • Inform clients to ignore any emails sent from you in the last 48 hours, and tell them of the information in the email so they know what to look for.
  • Advise them to contact their own cyber security provider to remove the email from the system without opening any attachments.
  • Advise them that you have taken all necessary precautions to negate the security risk at your end.
  • Advise them that if they have opened the email attachment, they should contact their IT provider and also update any passwords for additional safety.

What to do if you've already responded?

If you've already responded to a suspicious message, take the following steps:

  1. If you are in business, bring your cyber security provider in to take immediate action. This should be part of your deal with them anyway; if it’s not, invest in it.
  2. If you’ve been tricked into providing banking details, contact the bank and let them know immediately. The account may need to be frozen.
  3. If you received the message on a work laptop or phone, take action by contacting your IT provider.
  4. If you opened a link on your computer or followed instructions to install software, open your antivirus (AV) software if you have it, and run a full scan – if you are worried, get your cyber security provider to do this on your behalf.
  5. If you've lost money, tell your bank and report it as a crime to Action Fraud (for England, Wales and Northern Ireland) or Police Scotland (for Scotland). By doing this, you'll be helping the battle against criminal activity, and in the process prevent others from becoming victims of cyber crime (ncsc.gov.uk).

Although lockdown restrictions have eased recently, the virus and scams related to it are still prevalent, so you must remain vigilant.

Are you ready to withstand such a phishing attack? Get in touch with our Bristol cyber security experts if you are worried about this for your business.

 
