It is important that staff are constantly vigilant about the threat of cyber-attacks, but no more so than now.
Right now, staff should be vigilant when looking at emails and clicking on links because fraudsters will see the current uncertainty as an opportunity. Only this week we have seen instances of fake text messages with spurious links pretending to be from the government and telling us to stay at home, and to “click here for more information”.
At work and at home, phishing emails can be very convincing, but there are some key things to look out for. The National Cyber Security Centre guidance gives the following general tips around phishing emails:
- Many phishing emails have poor grammar, punctuation and spelling.
- Whilst the title may say GOVUK – is the design and overall quality what you’d expect from the organisation the email is supposed to come from?
- Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
- Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
- If it sounds too good to be true, it probably is. It’s most unlikely that someone will want to give you money, or give you access to a secret part of the Internet.
- Your bank, or any other official source, should never ask you to supply personal information from an email.
It is also useful to hover over a link to see the actual hyperlink address that you are being directed to, not just the text in the email. Finally, if in any doubt, double check any claims made in the email, for example call colleagues or banks to check whether they have sent the email in question. Even if there is a tiniest bit of doubt, don’t do it.
If you or your business need any further assistance, please get in touch with us. The National Cyber Security Centre has lots of guidance too, however, in the interest of sticking to the good training of the above we won’t provide the link!
It is very important that you keep your staff mindful of these risks as an accident at this stage could cost you vital resources which you may not be able to afford to lose at this time.