Phishing Emails: What Are They and How To Stop Them

Cyber criminals are continually coming up with inventive ways to cause harm online and SMEs and sole traders are a prize catch. You may think that you would never be lured by the bait, but it pays to always remain vigilant.
If you’ve ever used email, you will no doubt have heard about phishing. Would you be able to spot a rockfish from a red herring? No? Well, don’t worry as Safenetpay is here to guide you through uncharted waters with a 101 guide to phishing.
What is phishing?
Phishing is a type of email-based impersonation fraud where attackers intend to deceive people or businesses into disclosing sensitive information. Put simply, they want to steal as much money as possible.
Email phishing
Email phishing is the oldest digital fraud trick in the book. An attacker will send out hundreds or even thousands of emails, impersonating a well-known business such as a high street bank, delivery company or streaming service.
Spear phishing
Spear phishing attacks are tailored communications designed to target and trick financial departments, or the people within them, into disclosing company account details.
Whaling and CEO Fraud
Whaling is the act of targeting individuals with emails customised to their seniority, written in a more serious or professional tone. A whaling email may impersonate a legal entity or security services provider that would only be known to an employee in a senior position.
CEO fraud is a technique in which a fraudster will directly impersonate a C-Suite individual with the intention of forcing other staff members into performing sensitive tasks such as money transfers or revealing web log-in credentials.
How to identify phishing attacks
Check the sender’s credentials carefully
- The address may look strange or randomly generated
- Check whether the ‘from’ name and the email address match
- The hosting or country domain appears unfamiliar or incorrect
Look out for trigger keywords, phrases and grammar
- The email will contain words like ‘URGENT!’ or ‘CANCELLED’
- The email will usually have poor formatting, spelling and grammar
- The email may offer a reward for your engagement
Look out for strange links, attachments and download requests
- Do not download unexpected attachments or files
- Do not click on links before checking the URL destination (hover over the link to see a preview)
- Only access sites with a secure HTTPS connection
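For mail administrators, the checks listed above (sender name versus address, trigger words, link destination and HTTPS) can be automated as a first-pass triage. This is an added example, not Safenetpay's code: the `triage` function, the `TRUSTED` brand-to-domain map and the sample message are all constructed for illustration.

```python
import email, re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
URGENCY = re.compile(r"\b(urgent|cancelled)\b", re.I)  # trigger words named in the guide
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}", re.I)  # link text that looks like a URL

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a full URL or a bare domain
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def triage(raw, trusted):  # returns a list of findings for one raw message
    msg = email.message_from_string(raw, policy=policy.default)
    findings, sender = [], msg["From"].addresses[0]
    name, domain = sender.display_name.lower(), sender.domain.lower()
    for brand, legit in trusted.items():  # display name claims a brand, address is elsewhere
        if brand in name and domain != legit and not domain.endswith("." + legit):
            findings.append(f"from-mismatch: '{sender.display_name}' sent from {domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if URGENCY.search(f"{msg['Subject']} {text}"):
        findings.append("urgency-keyword")
    links = LinkCollector(); links.feed(text)
    for href, label in links.links:
        if urlparse(href).scheme != "https":
            findings.append(f"non-https-link: {href}")
        if URLISH.match(label) and host(label) != host(href):  # what "hover" would reveal
            findings.append(f"link-mismatch: shows {host(label)} -> {host(href)}")
    return findings

TRUSTED = {"example bank": "examplebank.example"}  # constructed: brand -> legitimate domain
SAMPLE = ('From: "Example Bank Security" <alerts@examp1e-bank.example.net>\n'
          'Subject: URGENT! Your account will be CANCELLED\n'
          'Content-Type: text/html; charset="utf-8"\n\n'
          '<a href="http://login.examp1e-bank.example.net/verify">https://www.examplebank.example</a>\n')
```

Calling `triage(SAMPLE, TRUSTED)` returns four findings for the constructed message; a message with no findings is not proven safe, so the manual checks still apply.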
What to do when you receive a potential phishing email
- Do not provide any details or information under any circumstances
- Contact the sender (or supposed sender) using an alternative means of communication
- If you’re using work email, contact your IT support
- Report the email to your email service provider
How to protect yourself and your customers from phishing attacks
- Undertake regular security awareness training
- Keep up to date with the latest phishing trends
- Forward any suspected phishing emails to [email protected], where they will be investigated by the National Cyber Security Centre
Always remember to think before you click and if something seems too good to be true, then it probably is. For more information about the risk of phishing to your business visit the National Cyber Security Centre or UK Government help pages.




