Phishing scams: What they are and how to handle them

Phishing scams: what are they and what to do if you experience one?



Your inbox pings. It’s an urgent email from someone you trust, demanding immediate action. But before you hit 'send,' stop and think. Is it a legitimate request, or a carefully crafted phishing scam? A single click could compromise your entire business.

We explain what phishing scams are, the different types, and how to spot and prevent them – before it's too late.



What is phishing?



Phishing is when cybercriminals pretend to be trusted sources to steal sensitive info like passwords and financial details, or to get access to your company’s network. These scams come in a number of disguises – emails, texts, fake websites – but always with the same aim: to trick you into handing over something valuable.



What are phishing attacks?



Phishing scams can seriously harm a business. If they’re successful, they can lead to financial loss, damage your reputation, and put your security at risk.

Some common examples of phishing scams include:

1. Email phishing – BEC attacks

Email phishing, especially BEC attacks – short for Business Email Compromise – is one of the most damaging types of phishing. Scammers pose as high-level people or trusted partners, tricking employees into transferring money or sharing sensitive data. BEC scams have cost businesses billions, and they’re getting more sophisticated every day.

2. Trap phishing

Trap phishing uses fake websites or portals that look like the real thing. Victims are led to these sites through phishing emails or pop-up ads, where they’re tricked into entering personal details like passwords or credit card information.

3. Spear phishing

Spear phishing takes it a step further by personalising the attack. Scammers often do their homework, researching their targets to craft highly relevant emails or messages, making them harder to spot. For example, it might mention a specific project or colleague, so it sounds real.

4. Angler phishing

Angler phishing preys on social media. Scammers create fake customer service accounts, posing as reps from well-known brands. When users contact them with complaints or questions, the cybercriminals swoop in, asking for personal information while pretending to resolve the issue.

5. Vishing (Voice phishing)

Vishing scams involve a phone call, where scammers pretend to be from a legitimate company or government agency. They usually try to scare people with threats or tempt people with rewards, pushing them to give up personal information.

6. Whaling

Whaling targets the big fish – the C-suite. These attacks are carefully designed to trick senior leaders into handing over sensitive information or approving large financial transactions. Given the level of authority involved, a successful whaling attack can have serious consequences.



How to identify and prevent phishing scams



So, how do you spot a phishing email or scam? It often comes down to a few key tell-tale signs. Here are a few things to look out for:

Small misspellings or extra characters can be giveaways, so always double-check the sender’s email address. Phishing scams also rely on creating a sense of urgency, pushing you to act fast without thinking, especially if sensitive information or money is involved. Be wary of unexpected attachments and always hover over links to check they match the sender’s claims. And remember, if an offer seems too good to be true, it probably is.
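
The same checks can be run automatically over a raw message. The following is an added example, not part of the original article: a Python sketch that flags a near-miss sender domain, urgent wording, and link text that names a different site from the one the link opens. The trusted-domain list, urgency phrases, similarity threshold and sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example.test"}  # assumption: domains you genuinely deal with
URGENCY = re.compile(r"\b(urgent|immediately|right away|act now)\b", re.I)
DOMAINISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)

class Links(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data

def host(url):  # lower-cased hostname of a URL or bare domain
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if any(sender != t and SequenceMatcher(None, sender, t).ratio() >= 0.85
           for t in TRUSTED):  # close to a trusted domain, but not it
        flags.append("lookalike sender domain")
    body = msg.get_payload()  # sketch assumes a single-part HTML message
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgent wording")
    parser = Links()
    parser.feed(body)
    if any(DOMAINISH.fullmatch(t.strip()) and host(t.strip()) != host(h)
           for h, t in parser.found):  # text shows one site, link opens another
        flags.append("link text does not match destination")
    return flags

SAMPLE = ("From: Accounts <accounts@examp1e.test>\nSubject: Urgent: invoice overdue\n"
          "Content-Type: text/html\n\n<p>Pay immediately at "
          '<a href="http://portal.invalid/pay">www.example.test</a></p>')  # constructed
if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message that raises none of these flags can still be a scam, so treat the result as a prompt for a closer look rather than a verdict.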




What to do if you’ve been scammed



Even with your best precautions, phishing scams can sometimes slip through. Don’t panic, but act quickly and effectively. Here are some different scenarios you might find yourself in and what to do next.

1. Spotted it early but didn’t act

If you’ve spotted a phishing email before clicking any links or sharing information, you’re in the clear. However, don’t just ignore it. Delete the email immediately and report it to your IT team or email provider to help them block similar threats. Flagging the email as spam can also block future attempts.

2. Opened the email or replied

If you’ve opened the email or even replied but didn’t share any personal or business information, you’re still on relatively safe ground. Notify your IT people straight away and run a virus scan just to be sure. It’s also worth updating any passwords you think might have been exposed, even if it’s just for peace of mind.

3. Clicked a link or shared information

If you’ve clicked a malicious link, downloaded an attachment, or shared sensitive information, act fast. Disconnect your device from the internet immediately to prevent any malware from spreading. Let your IT department know so they can assess the damage, remove any malware, and secure your systems. If you’ve shared financial or personal details, contact the bank or credit provider immediately to minimise any further risk.


Phishing scams are constantly evolving, but by staying alert, learning to spot the red flags and taking proactive steps, you can protect your business from costly mistakes. Look out for urgent demands, unexpected attachments, and suspicious email addresses, and you can take huge strides to keep your business safe. And if you do slip up? Quick, decisive action can be the difference between a minor scare and a major headache.

For personalised advice on how to protect yourself against phishing attacks, get in touch with our V-Hub advisers today.
