Blog

Information to help your business benefit from telecommunications

Going Phishing…

Man in cap looking at computer code

Have you ever wondered why phishing is spelled “phishing”? Well, we’ll tell you anyway, apparently the “ph” came about because there was an earlier word, “phreaking”. Obvious really. And phreaking? That involves the fraudulent use of an electronic device to avoid paying for telephone calls, it’s probably a shortened version of “phone freak’. Who knew?

Back to phishing. Most of us are aware that phishing exists and what it is. We tend to associate it with attempts to scam us into giving bank details or credit card numbers; or collecting our personal details for reasons that aren’t always obvious. We tend not to think of phishing as being a means of getting into our data networks and accessing information, but that’s a very real possibility too, all to say that at some point every one of us is likely be the subject of a phishing expedition and it’s worth remaining super vigilant and avoid the risk.

How?

At the outset we would suggest that wisdom should dictate that any phishing aimed at a company device, be it a mobile phone, laptop or desktop, is looking for access to your data and capable of appropriating it. Your employees will not always be hyper- vigilant about the websites they download or emails they open so as much as possible we would recommend that you have a pyramid of access to determine who amongst your employees needs what access to do their job and that you limit this as much as sensible. Above all, limit Administrator privileges (those who can change security settings or install soft/hardware or access all files).

Something else you can do is always use two-factor authentication on your important accounts, such as email.

Having said that, here are some more ideas!

  1. Take a birds-eye look at what happens in your business. What’s normal for you? Knowing your business as you do, what would an unusual incoming communication look like? Would it be an invoice for a service that you haven't used, or an email asking you to do something or to give information? Would your staff know what to look for and be wary of? In fact, do you or your staff ever question incoming emails? If you get an email from an organisation you don't do business with, do you all automatically treat it with suspicion

  2. It’s asking a lot of staff to identify and delete all phishing emails, but there are tell-tale signs. Look for bad spelling and grammar (although, sadly, all too common!), spot badly copied logos and graphics.
    Does the overall look hit you as representing the organisation it purports to be from?
    Does the email address you by name or as Dear Colleague?
    Lastly, on this one, it’s worth fine tuning your email filtering settings to suit your organisation’s requirements. Most spam/junk filters work pretty well, but you may still receive some unwanted mail and, similarly, lose some genuine mail.

  3. Encourage your staff to tell you if they think they may have been phished. Let them know that there’s no intention of punishing them. Why? Because the sooner you change passwords and scan for malware, the better your chances of stopping an attack in its tracks. If you know that you have been phished, report it immediately to Action Fraud https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime.

  4. Phishers only know about you, your organisation and your staff by what they can find online. On the one hand we need to publicise and have a digital footprint, on the other, are we saying too much? And what are your partners, suppliers and customers saying about you. We’re not suggesting you become paranoid about secrecy, but it might be worth doing a digital footprint assessment!

If you would like someone else to manage all of this for you, then get in touch.

comments powered by Disqus