Our series of regular cyber security and fraud prevention updates aims to help you keep yourself, your business, and your clients’ hard-earned savings as secure as possible.

In July 2024, a new Government came to power, and the Chancellor will soon deliver its first Budget. It’s at times of change like this that cybercriminals may seek new opportunities to target innocent individuals. One current tactic being widely employed by fraudsters is the use of phishing to compromise email addresses.

What is phishing?

Phishing is an attempt to fraudulently extract information, for example passwords or other sensitive data, by encouraging victims to click on a link or open an attachment that will deliver malware onto their device. Phishing is generally done on a large scale, using generic content in a bid to get the desired response.

‘Spear phishing’ is a more targeted approach that threatens the assets of a specific organisation, or has a precise purpose in mind. Such attacks typically target an individual or specific group within an organisation, and often use a spoofed (lookalike) email address to impersonate trusted colleagues or senior executives.

Protecting against phishing

Training

If you and your colleagues aren’t sure what to look out for, there are plenty of training and awareness resources available online from reputable Information Security companies and bodies. The good news is that these resources are often free of charge.

User access

Think about who has access to your data. Do certain people have elevated access and permissions? Is this information password protected? Are your password arrangements adequate?

Patching

Ensure that your software and operating systems are set up to receive patches automatically. That way you can be certain the latest fixes will be applied without delay.

For more guidance on defending your organisation from phishing attacks, visit ncsc.gov.uk.

What are cyber security threats?

A cyber security threat is a malicious act that aims to damage, alter or steal data and assets, or interrupt the services they support. This could be done via a direct act against a business’s systems, or through the use of social engineering tactics – such as phishing.

Who carries out cyber attacks?

• Criminals – from individuals or small, informal groups, to large, well-organised gangs.

• ‘Hacktivists’ – groups motivated by politics or an ethical stance, rather than financial gain. They often look to disrupt an organisation’s activities, for example by taking them offline.

• Nations – state-sponsored activities represent a growing threat, with well-funded attackers working for or on behalf of governments, often for political gain.

Top five tips to keep yourself safe

1. Double check any email addresses on the communications you receive. Are any letters missing? Is there a capital letter where there’s usually a lowercase one, or vice-versa?

2. Make sure you use a complex password for your email address, and change it regularly. An example of a complex password could be one that’s made up of three words, but with specific characters appearing as numbers instead of letters, e.g. AJb3l1 instead of AJBell.

3. Remember that financial institutions and businesses don’t tend to change their payment bank details very often.

4. If you receive an email asking you to make a payment, take notice if your bank issues a warning that the intended beneficiary name doesn’t match the bank details provided. Ensure this is queried further with the recipient before you proceed.

5. If you’re unsure if an email you’ve received is genuine, call the individual or company you are communicating with to check – but make sure you use a number that’s published on their website or on documents.