Phishing is a form of online fraud where scammers deceive individuals into revealing sensitive information, such as passwords or credit card details, by pretending to be a reliable source. This can occur through emails, social media, or fraudulent websites.
Businesses of all types and sizes are targets for phishing attacks, so it is essential you know how to keep your data safe.
What techniques do phishing attacks use?
Phishing is a general term that covers a range of techniques, such as:
- Social engineering: attackers use social media to gather personal information and create convincing messages. They may impersonate trusted people like executives or supply chain partners. You may have seen this if a colleague has ever sent an e-mail that seemed out of the ordinary.
- Spear phishing: attackers observe your behaviour, then use personalised e-mails to lure you in, often using malware.
- Vishing: attackers use phone calls to pose as trusted sources and trick victims into sharing confidential information. This could be a phone call from a client or someone pretending to be your network provider.
Phishing can affect all members of an organisation. Some attacks are targeted, such as whaling, where attackers target high-ranking staff members using a range of phishing techniques to steal data or plant viruses.
How can you identify a phishing attempt?
Phishing can be very costly to a business, particularly if it is successful.
It may cause financial damage or theft of intellectual property, and it can also leave the victims feeling exposed and vulnerable. Luckily, there are a number of tell-tale signs of a phishing attempt. These include:
- Contact from unknown e-mail addresses or telephone numbers.
- Poor grammar or spelling in e-mails.
- The e-mail asking questions that seem out of the ordinary or hurrying you, such as a staff member asking you to click on a link quickly.
How can you prevent phishing attacks in the workplace?
The first port of call in preventing successful phishing is to raise awareness and train your workforce in the dangers of phishing, how to spot it and what to do if they think it is happening.
For organisations which process sensitive data and require a higher level of data protection, additional cyber security measures might be required.
For example, regular penetration tests, where a company is employed to attempt to hack into your system, might be required.
For a more holistic approach, implementing a data protection management system such as ISO 27001 can help to prevent businesses from falling victim to a phishing attack and provide improved wider data security.
How can WA Management help?
WA Management offer a Phishing Awareness online training course suitable for any employees accessing the internet using work computers.