Even if you’re not sure what phishing is, you’ll likely have heard of the phrase mentioned in passing at some point.

Phishing scams are one of the oldest cyberattacks, having been around for a long time. Over that period, they’ve morphed and evolved, with criminals becoming more cunning and developing increasingly legitimate-seeming scams to steal your data and/or money. It’s paramount that you take the time to educate your employees on phishing scams, especially as they’re constantly changing.

With organisations utilising more devices than ever, there’s a growing number of avenues that cyber criminals can take to access your sensitive data. At Three Cherries, we’re experienced in cyber security and have trusted partners to recommend in this space. In this article we’ll be discussing how you can remain vigilant and spot phishing scams, and what you should do if you’re ever targeted.

What is a Phishing Scam?

Phishing, as its namesake suggests, works like a fisherman dangling an enticing lure in the water. Rather than a wriggling worm, though, the lure is a too-good-to-be-true offer, or a threat designed to lure or scare you into action. Phishing scams revolve around tactics designed to create a sense of urgency, panic or intrigue in the victim, essentially making you feel like there’s no other option but to comply.

Once it’s got them hooked, the scam will most likely trick the victim into providing sensitive information – passwords, date of birth, and other personal/business intelligence. From this point, cybercriminals can upload viruses, steal money/data or extort the organisations that they target. Phishing scams come in all sorts of formats – emails, messages, phone calls, etc.

How to Spot Phishing Scams

While there’s no one rule that will help your employees to spot phishing scams, there are a few standout things to look for. Remember that these rules won’t always apply in every situation, and that as time goes on, scams are becoming more complex.

Threatening or Enticing Email Subject Lines

Many phishing scams will start with threatening subject lines such as, ‘Your X will expire if you don’t act’, or enticing lines such as, ‘You’ve won X, don’t miss out – claim it quick!’. The idea behind this is if someone panics, they’re less likely to think critically about what they’re doing. The scam relies on the victim not carefully considering what’s happening.

Make sure that your employees take the time to carefully think about every email that they receive. If it’s from a strange source, or if something seems off at all, then it’s likely a phishing scam.

Odd Requests from People You Know

Lots of modern phishing scams will seem to be from someone that you know. By lifting names of people you might know and auto filling the messages that they’re sending out, scammers can often mimic workmates, friends and family, making the scam seem more believable. If you receive an email from someone close to you, but the language/content seems off, then make sure to check whether the contact details match, or check with the person it’s apparently from.

Unusual Language

Many phishing scams will be written in broken English, or have unusual spelling/grammar mistakes throughout. Most legitimate companies will take a lot of time proofreading any communications that they send out to make sure that their brand is represented in the best way possible. If an email or message from ‘Microsoft’ is riddled with mistakes, there’s a good chance it’s not legitimate (unless Microsoft suddenly drop their standards).

Poor Formatting

Like with the previous point, many phishing scams will use cropped branding from the company that they’re mimicking, or their messages won’t be ideally formatted for the chosen platform. As phishing scams are created en masse, many will be shoddily made.

Hover Over Links

Whenever you receive a link in an email or text, hover over it (hold down your finger on mobile) to make the URL pop up. If the URL looks suspicious (anything that doesn’t look like the sender’s website is suspicious), don’t click on it. It’s always better to be overly cautious!

Phishing Scam Targets

Generally speaking, cybercriminals aren’t picky. They’ll often blanket target people all at once, attempting to gain access to any accounts that might be valuable to their aims. This makes it especially important that every single employee in an organisation knows what to be looking out for.

What to do if an Employee is Targeted with a Phishing Scam?

If any of your employees has received a scam via email or message, simply deleting it doesn’t necessarily solve the issue. A single message is the tip of the iceberg; your IT department needs to know that your business is being targeted so that they can take proactive preventative measures. Everyone needs to work together to prevent phishing scams – try to show others if a phishing scam is received. That way they can see real-life examples of what to look out for in the future.

How to Prevent Phishing Scams

While employee vigilance is one of the most powerful cyber security measures, it’s important to implement an appropriate firewall to prevent fishing emails getting through, create frequent backups and ensure that you’ve got expert IT support on hand at all times.

While we’d love to provide a cure-all for phishing scams, the real answer is that there’ll probably never be a method that’s 100% effective, as new scams are developed, and increasingly wily techniques are used.

Cyber Security & IT Support with Three Cherries

Implementing cyber security strategies can be a minefield. With so many elements to consider, it’s easy to miss something that leaves your company at risk. Our team at Three Cherries work with organisations of all types, providing bespoke cyber security tools and implementing meaningful change in your practises to help keep you safe from phishing (and other) scams.

Get in touch with us today for a no nonsense, jargon-free chat. We’re here to make the cyber security as painless as possible, helping to educate your employees and prevent any damaging loss of data.