Phishing Email: What it is & How to Stay Safe

It seems there is a never-ending list of scams for organisations to navigate nowadays. From ransomware to Zoombombing to email phishing, minimising security threats to your business has almost become a full-time job.

The WFH shift has really ramped up concerns about the safety of company data, with email phishing making its way into more and more conversations in this department. So let’s break down what it means and how you can recognise and dodge an email phishing scam.

What is a 'phishing email' or scam email?

Basically, a Phishing Email is a malicious communication sent from a seemingly credible contact to elicit you to take an action that puts your IT security at risk. This could be the divulging of sensitive information to the sender or requesting the recipient to download an attachment that contains malware and infects your computer. The email often comes from a known contact with a slightly modified email address, prompting credibility in the receivers’ mind and hopefully causing them to not question taking the requested action.

How dangerous is phishing?

Should you be worried about phishing? How common is it and if you’re affected, how bad is it, really? To be brutally honest: it’s pretty common and it can be super harmful to businesses.

Phishing is one of the most dangerous threats to your systems, data and online accounts. What makes things worse is that scammers are smart; they’re good at disguising an email as something legitimate and sometimes even the savviest surfers get manipulated.

Corporate employees are most at risk of a phishing scam. They’re often classed as an easy pathway to sensitive company data, and cyber criminals just have to rely on them to make a mistake or have poor awareness of online security.

If you get phished and open an email attachment containing malware, it infects your system. From there, the criminal could withhold your files and demand a ransom to return them, they could take your passwords or bank details, and even go on a shopping spree on your account.

Consider this your timely reminder not to use the same password for every account!

How can you protect yourself against phishing?

According to Scamwatch, last year in Australia, we lost a total of $1,689,406 to phishing. Outsmarting the scammers and avoiding phishing scams starts with recognising them. Here are some common features of phishing emails you should keep a lookout for:

• Claims of suspicious activity in your account
• Claims that there’s a problem with your payment or payment information
• A request for you to confirm some personal details
• Downloadable attachment
• A link for you to follow and provide your login details
• Coupons for free stuff

Be vigilant about any email that exhibits the above characteristics, and add an extra layer of protection to keep you and your business safe from phishing attacks.

1. Even if emails look real, don’t download attachments, follow links or share your personal information. Instead, log onto your account directly on the official website and look for any messages there.
2. Install security software and set it to update automatically.
3. Use multi-factor authentication (2FA) when logging into your accounts. That means providing a password and proving your identification a second way, such as with a code sent to your phone.
4. Backup data on your laptop and phone, such as to an external hard drive or cloud storage.

What needs to be done?

Ultimately your people are your last line of defence. If a phishing email makes it through your mail filters into an inbox, having provided the training for staff to question the correspondence is essential. We teach our customers to ask three simple questions and if the answer is “No” to any, we encourage them to contact the sender directly and clarify the validity of the request. 

1. Do I know the person sending me this email?
2. Was I expecting this email and/or attachment?
3. Does the email address look legitimate?

By far the most effective form of prevention when that email hits an inbox is user awareness!

What else can we do?

In an ideal world no employee would ever take an action that can jeopardise the organisations cyber security but… that isn’t the world we live in. We can talk about it until the cows come home but the occasional slip up is bound to happen. So, what happens when it does?

Believe it or not, having the most up to date version of your web browser and operating system provide essential additional coverage. You know the prompts? The ones that pop up and ask you to restart your computer? They are actually doing something! Organisations like Apple andMicrosoft are constantly enhancing their product offerings in response to evolving threats and identified vulnerabilities. We call it ‘patch management’ in the biz but really, it is a fancy word for making sure your applications and operating systems are up to date and doing their part to keep you safe. So make sure you restart that computer, every time!

Additionally, antivirus software isn’t just a good thought, it is essential. When and if an infection occurs you want it identified, contained, and dealt with as soon as possible.  Making antivirus a non-negotiable condition of connecting to your organisations IT systems provides you with an extra weapon in your arsenal to be early to prevent, detect and fight any potential infection that occurs. No antivirus, no access.

Taking your cybersecurity seriously

At The Virtual IT Department, we take cybersecurity as seriously as a black cat walking under a ladder on Friday the 13th (touch wood). We provide Essential 8 Cyber Security Audits that identify any vulnerabilities in your IT ecosystem and help you address them.

Call us today on 1300 10 10 40 to organise your audit!

‍