From the UK Government’s 2022 cybersecurity survey, of organisations that identified an attack “… the most common threat vector was phishing attempts (83%) …”. And are also “considered the most disruptive types of attack that organisations face”. That trend is also on the rise – up from 72% in 2017. As you can see, knowing how to avoid phishing scams is vital to organisations worldwide.
As a computing technology organisation ourselves, we know that security issues come in many different forms, and that extremely convincing phishing campaigns have been catching vulnerable businesses off guard.
So our security experts would like to give some insight and practical advice when it comes to spotting and overcoming these manipulative messages – here are our 6 top tips on how to avoid phishing scams:
How to avoid phishing scams tip number 1: Train your staff to know what to look for
Training your staff to be aware and vigilant of all attachments and links from unsolicited emails is a great start when it comes to how to avoid phishing scams or attacks. All emails with attachments should be treated with caution, even those from friends, family and colleagues. It’s great if you know how to avoid a phishing scam but make sure your employees can also spot common aspects of phishing emails, for example very unspecific information such as “take a look at this”. Phrases like this should raise concern, but whether they are hostile or not can be easily verified by replying to the email asking if the assumed contact actually sent the email. When you respond to these emails, the real person will receive the question and the virus or phishing attempt won’t receive your response. If the person says they didn’t send the email – good job – you just mitigated a potential dangerous attack.
How to avoid phishing scams tip number 2: Deceptive URLs and domain names
It is imperative that all links in emails or documents, recognised or not, are checked and verified. This is very easy to do. By hovering over links, you are able to identify the actual site the link will take you to, and if it looks suspicious simply do not click it. In addition to this, if a link takes you to a site asking for a username and password be wary. Check the address is correct and know that people might use very similar (misspelled) variations to fool their victims. Another common URL trick is to hide the address bar so you can not verify if you are on the wrong page.
How to avoid phishing scams tip number 3: Does the message contains poor spelling and grammar?
Large organisations usually review every email, letter and notification for spelling, grammar and legality issues amongst a wide variety of other things. If an email contains poor grammar or any spelling mistakes, it’s likely that it’s illegitimate. This can be one of the easier ways of how to avoid a phishing scam, especially if the email is supposedly from an important institution or organisation.
How to avoid phishing scams tip number 4: The email makes offers that sound too good to be true
If you get an email offering technology for extremely low prices (for example at a 90% discount) then you know it’s a scam. These emails usually tell the recipient that there is a “deal for a limited time” and often catch people out on their impulses for gratification. It’s highly likely they just want to steal your card details. Just remember, if it seems too good to be true, unfortunately it probably is a scam.
How to avoid phishing scams tip number 5: Asking for money to cover costs
A wide number of phishing emails asking for payments to cover costs have been plaguing businesses all over the UK. The senders of these emails usually mimic an email address of a colleague (such as your boss) and will send you an email asking you to make the payment. These emails usually look extremely convincing and will base their attachment design off common invoices from banks, service providers and websites. The senders of these emails gamble on you not questioning the request of your superiors, as they pretend to be a trusted colleague, and therefore are one of the most manipulative.
How to avoid phishing scams tip number 6: The message is random and uninitiated
Phishing attacks often leech off the popularity of services such as the lottery or other competitions to steal personal information. An example of an uninitiated attack would be receiving a message in an email claiming that you have won a competition even though you never entered one. These attacks can be successful because many people do enter competitions and draws such as the lottery, so there is a high chance the recipient can be fooled.
If you have any concerns or questions, or would like more support on how to avoid phishing scams, have a look at our cybersecurity solutions to secure your organisation here, or contact us directly today