Spotting something ‘phishy’ – keeping businesses safe
Over half of adults admit to having been targeted in a phishing scam1 and recent events such as the Covid-19 pandemic and cost of living crisis have only exacerbated the situation. But what exactly is ‘phishing’, how do you recognise it, and what’s the best way to avoid being caught out?
What is ‘phishing’?
Phishing is a type of social engineering which involves sending a fraudulent message (generally an email but potentially also a text, website, advert or phone call) designed to trick individuals into revealing sensitive information and/or data, or to deploy malicious software on the victim’s infrastructure.
It’s not just individuals who can fall victim to phishing; according to government data, phishing attacks on businesses have risen from 72% to 83% in the last 12 months.2
Why should businesses be aware of phishing?
Organisations of any size can be targeted by a phishing attack. If carried out successfully, phishing can have severe consequences for a business, including:
- business disruption, with systems disabled and staff unable to work
- loss of intellectual property and data
- reputational damage
- a drop in company value
- regulatory fines and financial penalties where data privacy laws have been compromised.
How to recognise a phishing scam
Cyber criminals are using increasingly sophisticated methods to deploy phishing attacks. When being on the alert for phishing attempts, the following can be a sign:
- a ‘dodgy’ or unrecognisable looking domain name
- posing as an authority figure e.g. solicitor or government department
- poor spelling or grammar
- suspicious attachments or links
- a sense of urgency (being given a limited time to respond)
- a request for sensitive information
How can businesses protect themselves?
Employee education
A key part of preventing successful phishing attempts is to educate employees on how best to recognise phishing and what to do in the case of an attack. It’s recommended to run training on this and ensure staff are clear on how to report a suspected attack. Naturally, remote workers should be included in any such training.
Use multi-factor authentication for company systems
This involves requiring a user to successfully provide (at least) two pieces of evidence in order to verify their identity and log in, such as a password and one time access code.
Password tools and policies
Businesses can make use of password manager tools and encourage the use of strong passwords with special characters, with regular expiration dates.
Carry out phishing simulations
Companies can run mock phishing tests where they send an email to employees designed to mirror a typical phishing attempt. This measures staff awareness levels and can indicate a need for further training/education.
Further information
You can report suspected insurance fraud confidentially via the Insurance Fraud Bureau and cyber crime via Action Fraud.
Allianz Insurance has been the RMI’s exclusive insurance partner for over 25 years and have a bespoke RMI and Allianz offering for members known as the Motor Trade RMI product.
Find out more about this exclusive member offer here, and call the IGA Member Helpline on 01788 225 908 to enquire.