Email attacks remain one of the most significant security threats organisations face today. It was recently announced that Microsoft Exchange had fallen victim to an attack, with tens of thousands of organisations potentially compromised. The attackers exploited previously unknown flaws in Microsoft’s Exchange Server email software to gain access to organisations’ email accounts. As a result, Microsoft has issued security patches that should be applied as soon as possible. With cyber-attacks becoming increasingly sophisticated, it’s important to be extra vigilant and remind your employees how to protect your information.
In a spoofed email, a cybercriminal will sometimes masquerade as a legitimate source by changing the identity of the sender to reflect a person or organisation familiar to the victim.
Spoofing presents two distinct threats for organisations:
The first step to protecting your business from a phishing scam is knowing how to spot it in the first place…
It’s good practice to hover over any link in an email to check its destination before clicking. Does the destination URL match the site you would expect? Will it download a file? Does it look like something that the company would generally use? If you’re at all unsure, seek advice from your IT team.
One of the easiest ways to spot a malicious email is to check the email address matches the name of the sender and ensure that the domain of the company or person is correct.
Things to look out for are extra numbers, letters or characters that look out of place within the email address. For example:
Legitimate email domain: @lima.co.uk
Malicious email domain: @lima-s23.co.uk
These can sometimes be difficult to spot, so it’s always best to note down the email address and double-check it before taking any action.
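The sender check described above can also be automated at the mail gateway or in a triage script. The following Python sketch is an added example, not LIMA's own tooling: the trusted-domain list, the result labels and the sample headers are assumptions, and it goes slightly beyond the example above by also flagging one-character near-misses and display names that mention the brand while the address uses an unrelated domain.

```python
from email.utils import parseaddr

# Assumption: domains your organisation genuinely sends from (here, the page's example).
TRUSTED_DOMAINS = {"lima.co.uk"}

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike', 'name-mismatch', 'unknown' or 'invalid'."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if "@" not in addr or not domain:
        return "invalid"
    # Exact match, or a subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        brand = t.split(".")[0]                      # "lima"
        for label in domain.split("."):
            # Brand padded with extra characters, or a one-character near miss.
            if brand in label or edit_distance(label, brand) <= 1:
                return "lookalike"
        if brand in name.lower():                    # brand only in the display name
            return "name-mismatch"
    return "unknown"

# Constructed sample From: headers, for illustration only.
SAMPLES = [
    "Accounts <accounts@lima.co.uk>",
    "Accounts <accounts@lima-s23.co.uk>",
    "LIMA Support <help@1ima.co.uk>",
    '"LIMA Billing" <billing@example.org>',
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):14} {header}")
```

A "lookalike" or "name-mismatch" result is a reason to quarantine or escalate to the IT team. The From header can itself be forged, so this check complements authentication controls rather than replacing them.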
Poor spelling and grammar can be an easy way to spot a spoof email, but it’s certainly not always a given. Does it look like the text has been translated into your language? Most companies have thorough proofing processes when sending emails, so a legitimate email is unlikely to contain several spelling and grammar mistakes.
Another indicator to proceed with caution is if the email asks you to submit personal information that you wouldn’t usually be required to submit. Always be vigilant until you can verify that the person requesting this information is who they say they are.
Organisations need an IT partner they can rely on if the worst were to happen. LIMA can help to review your current security practices and ensure that your IT infrastructure meets the security and flexibility requirements you need to give you peace of mind. Click here to speak to one of our dedicated account managers.