How you can avoid phishing attacks

Here are some steps to help you identify the most common phishing attacks

In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bad websites. They might try to trick you into sending money, steal your details to sell on, or they may have political or ideological motives for accessing your organisation’s information.

Phishing emails are getting harder to spot, and some will still get past even the most observant users.

Whatever your business, however big or small it is, you will receive phishing attacks at some point. Here are some easy steps to help you identify the most common phishing attacks, but be aware that there is a limit to what you can expect your users to do.

Configure accounts to reduce the impact of successful attacks

You should configure your staff accounts in advance using the principle of ‘least privilege’. This means giving staff the lowest level of user rights required to perform their jobs, so if they are the victim of a phishing attack, the potential damage is reduced. To further reduce the damage that can be done by malware or loss of login details, ensure that your staff don’t browse the web or check emails from an account with Administrator privileges. An Administrator account is a user account that allows you to make changes that will affect other users. Administrators can change security settings, install software and hardware, and access all files on the computer. So an attacker having unauthorised access to an Administrator account can be far more damaging than accessing a standard user account.

Use two-factor authentication (2FA) on your important accounts such as email. This means that even if an attacker knows your passwords, they still won’t be able to access that account.

Think about how you operate

Consider ways that someone might target your organisation, and make sure your staff all understand normal ways of working (especially regarding interaction with other organisations), so that they’re better equipped to spot requests that are out of the ordinary.

Common tricks include sending an invoice for a service that you haven’t used, so when the attachment is opened, malware is automatically installed (without your knowledge) on your computer. Another is to trick staff into transferring money or information by sending emails that look authentic. 

Think about your usual working practices and how you can help make these tricks less likely to succeed. For example:

  • Do staff know what to do with unusual requests, and where to get help?
  • Ask yourself whether someone impersonating an important individual (a customer or manager) via email should be challenged (or have their identity verified another way) before action is taken.
  • Do you understand your regular business relationships? Scammers will often send phishing emails from large organisations (such as banks) in the hope that some of the email recipients will have a connection to that company. If you get an email from an organisation you don’t do business with, treat it with suspicion.
  • Think about how you can encourage and support your staff to question suspicious or just unusual requests – even if they appear to be from important individuals. Having the confidence to ask ‘is this genuine?’ can be the difference between staying safe, or a costly mishap.

To avoid phishing attacks, you might also consider looking at how your outgoing communications appear to suppliers and customers. For example, do you send unsolicited emails asking for money or passwords? Will your emails get mistaken for phishing emails, or leave people vulnerable to an attack that’s been designed to look like an email from you? Consider telling your suppliers or customers of what they should look out for (such as ‘we will never ask for your password’, or ‘our bank details will not change at any point’).

Check for the obvious signs of phishing

Expecting your staff to identify and delete all phishing emails is an impossible request and would have a massive detrimental effect on business productivity. 

However, many phishing emails still fit the mould of a traditional attack, so look for the following warning signs:

  • Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try and create official-looking emails by including logos and graphics.
  • Is the design (and quality) what you’d expect from a large organisation?
  • Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
  • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
  • Look out for emails that appear to come from a high-ranking person within your organisation, requesting that a payment be made to a particular bank account. Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
  • If it sounds too good to be true, it probably is. It’s most unlikely that someone will want to give you money, or give you access to some secret part of the Internet.

Email filtering services attempt to send phishing emails to spam/junk folders. However, the rules determining this filtering need to be fine-tuned for your organisation’s needs. 

If these rules are too open and suspicious emails are not sent to spam/junk folders, then users will have to manage a large number of emails, adding to their workload and leaving open the possibility of a click. However, if your rules are too strict, some legitimate emails could get lost. You may have to change the rules over time to ensure the best compromise.
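As an added illustration, not part of the NCSC guidance above: a small Python scorer that turns the warning signs listed in this section into rule checks, and an evaluation function that shows how the junk-folder threshold trades legitimate mail lost against phishing let through. The domains, staff names and sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed example data: the organisation's own domain, senior staff whose
# names a scammer might mimic, and domains it genuinely does business with.
INTERNAL_DOMAIN = "example.co.uk"
EXECUTIVES = {"jane smith", "tom brown"}
KNOWN_DOMAINS = {INTERNAL_DOMAIN, "supplier-example.com", "bank-example.co.uk"}
GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear friend", "dear colleague")
URGENCY = ("within 24 hours", "immediately", "urgent", "victim of crime", "will be suspended")
ASKS = r"\b(bank (details|account)|payment|transfer|password)\b"
TOO_GOOD = r"\b(prize|lottery|won|inheritance|fortune)\b"

def score_email(raw: str) -> tuple[int, list[str]]:
    """Score one plain-text RFC 822 message: one point per warning sign present."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload().lower()  # samples are single-part text
    reasons = []
    if any(body.lstrip().startswith(g) for g in GENERIC_GREETINGS):
        reasons.append("generic greeting, not addressed by name")
    if any(u in body for u in URGENCY):
        reasons.append("urgent or threatening language")
    if name.lower() in EXECUTIVES and domain != INTERNAL_DOMAIN:
        reasons.append("display name mimics senior staff but sent from outside")
    if domain not in KNOWN_DOMAINS:
        reasons.append("sender domain is not a known business relationship")
    if re.search(ASKS, body):
        reasons.append("asks for payment, bank details or a password")
    if re.search(TOO_GOOD, body):
        reasons.append("too good to be true")
    return len(reasons), reasons

def route(raw: str, threshold: int) -> str:
    """Send to 'junk' once the score reaches the threshold; a higher threshold is a more open rule."""
    return "junk" if score_email(raw)[0] >= threshold else "inbox"

def evaluate(labelled: list[tuple[str, bool]], threshold: int) -> tuple[int, int]:
    """Return (legitimate mail lost to junk, phishing let through) for one threshold."""
    lost = sum(1 for raw, phish in labelled if not phish and route(raw, threshold) == "junk")
    missed = sum(1 for raw, phish in labelled if phish and route(raw, threshold) == "inbox")
    return lost, missed

# Constructed samples: a senior-staff impersonation, a prize lure, and a genuine supplier reminder.
SAMPLES = [
    ("From: Jane Smith <jane.smith@mail-example.net>\nSubject: Urgent\n\nHi, I need you to make a payment of 9,800 to a new bank account immediately. Details below.\n", True),
    ("From: Prize Team <claims@lucky-example.org>\nSubject: Winner\n\nDear valued customer, you have won a lottery prize. Send your bank details within 24 hours.\n", True),
    ("From: Accounts <accounts@supplier-example.com>\nSubject: Invoice 4471\n\nHi Sam, a reminder that payment for invoice 4471 is due on the 30th. Thanks.\n", False),
]
```

Running `evaluate(SAMPLES, t)` for thresholds 1, 3 and 5 shows the compromise the text describes: a threshold of 1 junks the genuine invoice, 5 lets the impersonation through, and 3 catches both phishing samples without losing the legitimate one.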

Report all attacks

Another way to avoid phishing attacks is to make sure that your staff are encouraged to ask for help if they think that they might have been a victim of phishing, especially if they’ve not raised it before. 

It’s important to take steps to scan for malware and change passwords as soon as possible if you suspect a successful attack has occurred.

Do not punish staff if they get caught out. It discourages people from reporting in future, and can make them so fearful that they spend excessive time and energy scrutinising every single email they receive. Both these things cause more harm to your business in the long run.

If you believe that your organisation has been the victim of online fraud, scams or extortion, you should report this through the Action Fraud website. Action Fraud is the UK’s national fraud and cyber crime reporting centre. If you are in Scotland contact Police Scotland on 101.

Check your digital footprint

Attackers use publicly available information about your organisation and staff to make their phishing messages more convincing. This is often gleaned from your website and social media accounts (information known as a ‘digital footprint’).

  • Understand the impact of information shared on your organisation’s website and social media pages. What do visitors to your website need to know, and what detail is unnecessary (but could be useful for attackers)?
  • Be aware of what your partners, contractors and suppliers give away about your organisation online.
  • Help your staff understand how sharing their personal information can affect them and your organisation. This is not about expecting people to remove all traces of themselves from the Internet. Instead support them as they manage their digital footprint, shaping their profile so that it works for them and the organisation. CPNI’s Digital Footprint Campaign contains a range of useful materials (including posters and booklets) to help organisations work with employees to minimise online security risks.

Thanks to NCSC for this info on how to avoid phishing attacks – a great source of cyber security advice from the Government at ncsc.gov.uk. Crown Copyright, content reproduced under license 
