What is a phishing incident?
A phishing incident is a type of attack that involves a cyber-criminal using scam emails, text messages or phone calls to deceive a victim.
Phishing attacks exploit people, aim to trick individuals into doing the wrong thing, such as clicking a suspicious link that downloads malware or attempting to steal personal information.
People still frequently fall victim to phishing incidents. A well-trained team is the first line of defence against phishing attacks. It’s vital that you and your team don’t make yourselves an easy target.
Remind colleagues to be careful when sharing personal and company information online, as cyber-criminals can use this information to tailor an attack.
Train your team to spot and report phishing attacks by looking out for the following ‘Red flags’
Urgency: Messages that ask for immediate responses are often scams designed to pressurise recipients into making quick decisions before fully analysing the facts.
Emotion: Cyber-criminals regularly make false claims of support or use threatening language to instil fear into recipients.
Scarcity: Some scam messages try to lure victims by offering things in short supply (e.g. deals on expensive goods or services).
Current events: Cyber-criminals may exploit big events or current news stories to make their scams seem more relevant.
Authority: Scammers might claim to be someone official (e.g. a senior manager or a key customer). Therefore, it’s important to carefully check the sender’s details on all messages received. Often, a scam message will be sent from a public email domain rather than an official business address. If in doubt, it’s best to cross-reference the sender’s details against those displayed on the official company website.
Here to help – Let’s Talk Cyber Insurance
No matter how rigorous your training is, colleagues may still occasionally fall victim to these attacks. Remind colleagues to immediately report suspicious emails and messages to management. Additionally, adopt a multi-layered approach to phishing defences. Company measures should include implementing email filtering and blocking mechanisms, utilising two-factor authentication where possible, and purchasing Cyber Liability insurance.
Contact Us today to learn more about cyber insurance and the appropriate protection for your company. For more information on cyber insurance please – Click Here. Edison Ives are proud members of the British Insurance Brokers Association.