Normally, when you think of email threats, you think of WannaCry or other well-known ransomware. However, phishing is the cybercrime that causes more problems for businesses on a day-to-day basis. Around 41% of businesses experience phishing attacks daily, and over 77% receive phishing emails at least once a month. As an IT company, I can say that our clients report phishing emails to us often.
What are phishing emails? Put simply, a phishing email is a spoofed email that is designed to look like it came from a legitimate source. Its aim is to get sensitive information from the recipient, such as usernames and passwords, login details, etc.
These emails look fully legitimate, and at a quick glance it is easy for the user to assume that it's safe and enter his or her details or interact with the sender. Below is an example of a phishing email I received a little while back. The email looks legitimate; if you click on the link, it takes you to a page that looks like a Microsoft website, which asks for your Office 365 login details. If I had entered my details, the sender would have had access to all of my data, and it would have been a big problem for me as it would have put me at risk of ransomware:
The above is just one example, but it seems like a lot of phishing emails are disguised as everyday work-related emails. Other popular ones are spoofed emails from Google claiming that you need to log in and change your password. This type of attack is so successful because it looks and feels like a regular email.
What to do: keeping your users educated about phishing emails is very important, as anybody in your business with an email address can be vulnerable. We have solutions available which provide email protection, training for staff and simulated phishing attacks, which will safely highlight who the risky users are. The main takeaway from this post should be that you and your staff should be aware of the type of emails that you are clicking on, and you should keep in mind that companies like Google or Amazon, or your bank, won't just send you an email asking you to log in to check a file or to change your password unless you have requested it. Ensuring that staff are made aware of email threats and what to do in. The solutions that we have for this work and are effective: we use Sophos to protect your mailboxes from phishing emails, and we also use a phishing simulation tool which lets us test your staff from time to time to measure responsiveness. This, coupled with regular and short training, will give you a good level of protection.