By Mark Brown, Founder of Psybersafe
Phishing scams have risen exponentially since the pandemic began in 2020 and are currently at an all-time high. Social media groups are full of warnings about the latest email, message or text scams, so you’d think that we’d be well aware of what to look out for, wouldn’t you? We’re certainly getting better at spotting a scam. Some of us may even ignore genuine emails and messages ‘just to be on the safe side’.
But phishers are smart and the way they contact you and ask for information gets smarter and more believable every time. So much so, that even giant companies are still falling foul of their scams. Phishers take advantage of weakness and rely on you being too busy to check properly. By the time you realise what’s happened – it’s too late.
With so many people working from home at least some of the time, without the usual IT backup that we might have in the workplace, we need to be more on our guard than ever. So what can you do to keep yourself safe?
Hackers are playing on a number of weaknesses. First, they understand that we’re more likely to look at something that makes us curious. Secondly, they also know that if we’re worried about losing out on something, like a deal or offer, we tend to drop our guard. Fear of missing out (or FOMO) is a real psychological phenomenon. And if we’re being warned we may lose money, because we have to pay a fine, or our bank account is suddenly unsafe, we also tend to move into a stress mode, which clouds our thinking. Hackers will try to create a sense of urgency, to stop us thinking carefully about what is being said. Phishing emails are designed to get us to click. Remember – if the email requires you to act (e.g. click a link or open an attachment) and you’re not expecting something from that person, then be suspicious.
- If you’re not sure whether an email is genuine or not, start by hovering over the email address to see if it looks genuine. Often, you’ll find that the email address hidden underneath a name bears no resemblance to the company it is supposed to be from. If that’s the case, email it to email@example.com. You can also just delete it, but we’re in this fight together, so please report it!
- If the email address looks genuine – and hackers can be very good at this – but you still feel uneasy, check the content carefully for spelling mistakes or odd phrases that don’t read properly. Look at how they’ve addressed you: is it actually to you, or could it be to anyone? These are often the tell-tale signs of a hacker.
- Don’t trust links and attachments just because they come with genuine-looking emails. Ask yourself the following questions:
  - Are you expecting something from this person?
  - Hover over the weblink to see where it leads.
  - Hover over the email address to see if it’s genuine.
  - Does the attachment name look like something you’re expecting?
  - Are they asking for personal information?
  - Are they trying to create a sense of urgency?

  If anything looks “off” then don’t take the risk.
- And remember, your bank or building society will never ask you for your account details by email. If there’s a link to your bank, don’t use it. Hackers can also make fake websites look very realistic. So type the link you know into your browser yourself.
No-one should ever feel stupid for falling for a phishing scam. It’s all too easy to mistake a scam for something sincere. All business owners can do something to help stop hackers in their tracks. Investing in cyber security training, so that the people who work for you know what to look out for and what action to take to stop hackers gaining a foothold in your business, is just as important as investing in cyber security technology. The majority of hacks are successful because of human error, so it is vital to make sure you and your team are prepared.