Would you know what to do if you’ve been hit by a phishing scam?


Phishing scams are on the rise, as our Bristol cyber security consulting experts have mentioned in previous blog posts.


How many people have actually been a target of a phishing scam?


In just two months it has been estimated that Britons could be conned out of a staggering £3.5 million if they don't have the correct cyber security solutions in place.

A survey by our partner Barracuda Networks has discovered that 46% of organisations across the UK, US, France, and Germany have suffered at least one ‘cyber security scare’.

Most obviously, because of remote working, organisations’ employees rely on the internet to share documents and are therefore more vulnerable to criminals.


How can you tell a phishing email? Is it always obvious?


A team member at one of our clients recently received a WeTransfer document, which said it was an invoice.

The client uses WeTransfer regularly, so getting such an email was not unusual. However, they had done no business with the company contacting them, though the company was known to them. It all appeared a little ‘odd’.

Thankfully, the team member didn’t open the email. She flagged it to her line manager, who emailed the sender separately to ask whether they had sent the WeTransfer document, and then contacted our Bristol cyber security consulting team.

We saw immediately that it was dodgy and praised them for taking immediate action. We then checked all of their systems to ensure that no virus had attacked them or was ‘lying in wait’ to attack them.

The client later received an email from that company to say they had been the victim of a phishing scam using WeTransfer. It was a lucky escape, and very embarrassing for the sender, who had to take immediate action to protect their clients and contacts.


What to do if you suspect a phishing email?


Check that the email sender is actually who the email claims to be. Often the email address has no link at all to the company it purports to be from.

If it isn’t a company you usually deal with, or you are not expecting any contact and it feels ‘odd’ or ‘wrong’, contact your IT support provider and, in a separate email, contact the company to question the contact. Ask whether they could have been hacked. The earlier you act, the better for all concerned.
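The sender check described above can also be run against a message's raw headers. This is an added example, not part of the original post: the brand-to-domain allowlist, the function names, and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: brands mapped to domains they send mail from.
KNOWN_SENDER_DOMAINS = {"wetransfer": {"wetransfer.com"}}

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of reasons the sender looks inconsistent (empty if none)."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    findings = []
    if not from_domain:
        findings.append("From header has no usable address")
    # The display name is free text anyone can set; compare it with the address.
    for brand, allowed in KNOWN_SENDER_DOMAINS.items():
        if brand in display.lower() and not is_allowed(from_domain, allowed):
            findings.append(f"name claims {brand}, address is @{from_domain}")
    # Replies silently routed to another domain are worth a second look.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and from_domain and reply_domain != from_domain:
        findings.append(f"Reply-To @{reply_domain} differs from @{from_domain}")
    return findings

# Constructed sample messages (not real traffic).
SUSPICIOUS = (
    'From: "WeTransfer" <noreply@files-invoice.example>\n'
    "Reply-To: accounts@collect-docs.example\n"
    "Subject: Invoice sent via WeTransfer\n\nDownload your invoice.\n"
)
LEGITIMATE = (
    'From: "WeTransfer" <noreply@wetransfer.com>\n'
    "Subject: Files sent via WeTransfer\n\nYour files are ready.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, check_sender(raw) or "no sender inconsistencies found")
```

A message sent from a compromised but genuine mailbox passes this check, so confirming with the sender through a separate email still matters.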


What to do if you fell for a phishing scam?


  • Work immediately with your cyber security provider to safeguard your systems and take their advice on what to do next. If they cannot provide this kind of service, are they the right provider for you in a crisis?
  • Send out an email to all of your clients apologising, and making them aware of the breach in email security.
  • Ensure that you put all of the clients’ email addresses in the BCC box rather than the TO box; using the TO box is a mistake that can happen when in panic mode.
  • Inform clients to ignore any emails sent from you in the last 48 hours, and tell them what the email contained so they know what to look for.
  • Advise them to contact their own cyber security provider to remove the email from the system without opening any attachments.
  • Advise them that you have taken all necessary precautions to negate the security risk at your end.
  • Advise them that if they have opened the email attachment, they should contact their IT provider and also update any passwords for additional safety.


What to do if you've already responded?


If you've already responded to a suspicious message, take the following steps:

  1. If you are in business, bring your cyber security provider in to take immediate action. This should be part of your deal with them anyway; if it’s not, invest in it.
  2. If you’ve been tricked into providing banking details, contact the bank and let them know immediately. The account may need to be frozen.
  3. If you received the message on a work laptop or phone, take action by contacting your IT provider.
  4. If you opened a link on your computer or followed instructions to install software, open your antivirus (AV) software if you have it, and run a full scan – if you are worried, get your cyber security provider to do this on your behalf.
  5. If you've lost money, tell your bank and report it as a crime to Action Fraud (for England, Wales, and Northern Ireland) or Police Scotland (for Scotland). By doing this, you'll be helping the battle against criminal activity, and in the process prevent others from becoming victims of cyber crime (ncsc.gov.uk).

Viruses and scams are still prevalent, so you must remain vigilant.


It’s easy to forget about Cyber Security Consulting services until you need them, but by then it may be too late. Don’t get caught out. Call us on 0117 986 4026 for a no-obligation chat.