How to prevent the 83% of phishing attacks businesses suffered last year

Cyber

Authored by NMU

With week two of Cyber Security Awareness Month 2021 underway, we’re taking a closer look at phishing attacks and scams, which have thrived since the pandemic began back in March 2020. As we covered in our previous blog, remote working has exposed a huge cyber security weakness for many organisations, with employee’s unsecured personal devices posing a particular risk.

Phishing is in no way a new threat to businesses. It has existed for many years and yet still continues to be one of the most popular types of scam employed by cyber criminals. For those unfamiliar with the term, phishing scams commonly involve sending fraudulent emails, or directing victims to fraudulent websites in order to obtain logins or other sensitive information. Looking at recent statistics, UK Government figures show that phishing was by far the most common form of attack faced by businesses over the last year, with 83% of businesses and 79% of charities experiencing a phishing scam. During 2021, a number of phishing scams have become wide-spread and even garnered media attention, such as the rise in Royal Mail related SMS phishing scams.

How to protect against phishing

With phishing attacks so prevalent and some being incredibly convincing on the surface, what can businesses do to protect themselves? Educating their staff about how to spot these phishing scams is vital, as is promoting vigilance. With this in mind, here are some top tips about how to identify phishing scams:

  • Don’t fall for ‘urgent’ emails – these typically use scare tactics to trick victims into taking immediate action.
  • Never click links or download attachments from an unexpected email or text.
  • If you receive a suspicious email from an official organisation, report this to the organisation via their website.
  • If you are prompted to make a payment or charity donation, type the organisation’s web address into your browser rather than following an email link.
  • Hover but don’t click on email links – if the alt text does not match the display text or appears strange, do not click.
  • Check your accounts regularly to ensure no changes have been made without your knowledge, this will make spotting phishing attacks easier.

Friendly spear phishing

One specific form of phishing attack that has become more popular in recent years with the rise of social media is friendly spear phishing. In these phishing attacks, a specific individual is identified (typically via social media) and then targeted by cybercriminals. In these attacks, criminals often use fake or hijacked social media accounts to engage in friendly conversations with victims, as a way of lowering their guard. Once they believe that trust has been established, the scammer will send a Microsoft Word document and ask the victim for them to review and advise. Upon opening the document, the victim will be prompted to  enable macros, if they do, their system will download and install dangerous malware. In order to protect against this sophisticated phishing scam, here are some things that you can do:

  • If an individual you’re talking to sends you files to download, consider if they seem out of character. Are they using the same language and grammar as usual, or does something seem off?
  • Before enabling macros for a file, contact the sender via phone or text to verify who created the file, what it contains and why you need to enable macros.

Educating staff about how to detect phishing scams is one of the best lines of defence available to organisations, along with promoting vigilance and easy-to-follow guidelines. But unfortunately there is always a chance that a phishing attack will be successful, infiltrating an employee’s device or compromising a business’s website. In these instances, it’s vital that businesses have protection, which is where our CyberSafe solution can help. Our product provides businesses with a simple, robust solution for cyber liabilities, cybercrime and includes restorative support from ReSecure.

Contact us

For more information about CyberSafe Insurance or our e-trade solution, contact your NMU Development underwriter or our cyber team;

Matt Drinkwater, Cyber & Financial Lines Underwriting Manager – 07748 676262
Cliff White, Underwriter – 07971 923108
John Kellett, Underwriter – 07568 432512

CLICK HERE TO SIGN UP FOR OUR
FREE BI-WEEKLY NEWSLETTER

NMU
https://www.nmu.co.uk/
ContactNMU

About NMU

NMU is an award-winning provider of specialty insurance solutions

We are the first choice for brokers looking for specialty insurance, offering solutions that are not simply off-the-shelf, but built upon a real understanding of the risks faced by policyholders. This, together with our ability to write risks such as storage, installation, construction and exhibitions outside of the UK and offer terrorism cover on overseas property, sets us apart from the competition.

You can count on us, when you need us most! We are NMU

Our team of professionals based across the UK, provides customers with an in-depth product knowledge and a real personal service.

We provide bespoke insurance products that are not simply off-the-shelf solutions, but built upon a real understanding of the risks faced by policyholders as well as offering added value services to benefit our clients.

Our product and services range comprises:

Cargo InsuranceMarine cargo policies cover goods during import and export, including any incidental storage, as well as domestic distribution. Stock throughput polices can cater for all this plus other, intentional storage…read more

Freight Liability InsuranceCovering the liabilities to which hauliers, freight forwarders and warehouse keepers are exposed when they contract to move or store goods owned by others…read more

Engineering InsuranceCovering contractors’ all risks (CAR), erection all risks (EAR) and contractors’ plant; machinery movement (and installation), breakdown and business interruption; deterioration of stock; and electronic risks…read more

Marine Equipment InsuranceCovering remotely-operated and autonomous underwater equipment – ROVs, AUVs and the like…read more

Terrorism and Sabotage InsuranceStandalone terrorism cover can be a more flexible and cost-effective alternative to traditional placement routes…read more

Motorsport InsuranceDesigned for commercial risks, our motorsport policy offers 24/7 cover for teams at all levels across all disciplines…read more

Cyber InsuranceProviding SMEs with a simple, robust solution for cyber liabilities, cybercrime and restorative support…read more

Risk ControlWhilst we pride ourselves on our claims service, there is far more benefit to policyholders in preventing loss and damage in the first place…read more

Online FacilitiesTo complement our award-winning service, we use online facilities to assist NMU policyholders and brokers alike…read more

Claims ManagementWe pride ourselves on prompt and efficient claims management, which is supported by the use of independent surveyors and adjusters to quantify larger losses and to give advice on mitigation measures…read more

Latest video

NMU video: Celebrating 40 years in business

Authored by NMUA lot has changed over the last four decades – the way we work and communicate, the risks we insure, the technology we use to provide the best... click here for more