Phishing scams have risen during lockdown, as our Bristol cyber security experts have mentioned in previous blog posts.
In the first two months of lockdown, it has been estimated that Britons have been conned out of £3.5 million.
Cyber criminals are cashing in on the uncertainty that the pandemic has caused. By the beginning of May, the UK’s cybercrime agency had uncovered 7,796 phishing emails linked to COVID-19.
A survey by our partner Barracuda Networks has discovered that 46% of organisations across the UK, US, France and Germany have suffered at least one ‘cyber security scare’ since lockdown began.
The most obvious cause is remote working: employees rely on the internet to share documents, which makes them more vulnerable to criminals.
How can you tell a phishing email? Is it always obvious?
A member of one of our clients’ teams recently received a WeTransfer document, which said it was an invoice.
The client uses WeTransfer regularly, so it was not unusual to get such an email. However, they had done no business with the company contacting them, though the company was known to them. It all appeared a little ‘odd’.
Thankfully, the team member didn’t open the email. She flagged it to her line manager, who emailed the sender separately to ask if the WeTransfer document had been sent by them and then contacted our Bristol cyber security team.
We saw immediately that it was dodgy and praised them for taking immediate action. We then checked all of their systems to ensure that no virus had attacked them or was ‘lying in wait’ to attack them.
The client later received an email from that company to say they had been the victim of a phishing scam using WeTransfer. It was a lucky escape, and very embarrassing for the sender, who had to take immediate action to protect their clients and contacts.
What to do if you suspect a phishing email?
Check that the email’s sender really is who the email claims to be. Often the email address has no link at all to the company it purports to come from.
If it isn’t a company you usually deal with, or you are not expecting any contact and it feels ‘odd’ or ‘wrong’, contact your IT support provider and, in a separate email, contact the company to question the message. Ask if they could have been hacked. The earlier you act, the better for all concerned.
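The sender check described above can be automated as a first-pass triage step. The following is an added example, not code from the original post: it compares the brand named in the From display name with the actual address domain and flags a Reply-To that points elsewhere. The `KNOWN_BRANDS` allow-list, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domains it legitimately sends from. Maintain your own list.
KNOWN_BRANDS = {"wetransfer": {"wetransfer.com"}}

def domain_of(addr):
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rpartition("@")[2].lower()

def matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_findings(raw):
    """Return a list of sender inconsistencies found in a raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []
    # 1. Display name claims a brand, but the address is on another domain.
    claimed = display.lower().replace(" ", "")
    for brand, allowed in KNOWN_BRANDS.items():
        if brand in claimed and not matches(from_dom, allowed):
            findings.append(f"display name claims {brand} but address is @{from_dom}")
    # 2. Replies would go to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(f"Reply-To @{domain_of(reply)} differs from From @{from_dom}")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "WeTransfer" <invoices@files-share.example>\n'
    "Reply-To: accounts@other-mail.example\n"
    "Subject: Invoice sent via WeTransfer\n\nDownload your invoice\n"
)
LEGIT = (
    "From: WeTransfer <noreply@wetransfer.com>\n"
    "Subject: Files sent to you via WeTransfer\n\nGet your files\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, sender_findings(raw) or "no sender inconsistencies")
```

An empty result does not clear a message: an email sent from a genuinely compromised account, as in the case above, passes these checks, which is why the separate query to the sender still matters.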
What to do if you fell for a phishing scam?
What to do if you've already responded?
If you've already responded to a suspicious message, take the following steps:
Although lockdown restrictions have eased recently, the virus and scams related to it are still prevalent, so you must remain vigilant.
Are you ready to withstand such a phishing attack? Get in touch with our Bristol cyber security experts if you are worried about this for your business.