How to prevent the 83% of phishing attacks businesses suffered last year
Authored by NMU
With week two of Cyber Security Awareness Month 2021 underway, we’re taking a closer look at phishing attacks and scams, which have thrived since the pandemic began back in March 2020. As we covered in our previous blog, remote working has exposed a huge cyber security weakness for many organisations, with employee’s unsecured personal devices posing a particular risk.
Phishing is in no way a new threat to businesses. It has existed for many years and yet still continues to be one of the most popular types of scam employed by cyber criminals. For those unfamiliar with the term, phishing scams commonly involve sending fraudulent emails, or directing victims to fraudulent websites in order to obtain logins or other sensitive information. Looking at recent statistics, UK Government figures show that phishing was by far the most common form of attack faced by businesses over the last year, with 83% of businesses and 79% of charities experiencing a phishing scam. During 2021, a number of phishing scams have become wide-spread and even garnered media attention, such as the rise in Royal Mail related SMS phishing scams.
How to protect against phishing
With phishing attacks so prevalent and some being incredibly convincing on the surface, what can businesses do to protect themselves? Educating their staff about how to spot these phishing scams is vital, as is promoting vigilance. With this in mind, here are some top tips about how to identify phishing scams:
- Don’t fall for ‘urgent’ emails – these typically use scare tactics to trick victims into taking immediate action.
- Never click links or download attachments from an unexpected email or text.
- If you receive a suspicious email from an official organisation, report this to the organisation via their website.
- If you are prompted to make a payment or charity donation, type the organisation’s web address into your browser rather than following an email link.
- Hover but don’t click on email links – if the alt text does not match the display text or appears strange, do not click.
- Check your accounts regularly to ensure no changes have been made without your knowledge, this will make spotting phishing attacks easier.
Friendly spear phishing
One specific form of phishing attack that has become more popular in recent years with the rise of social media is friendly spear phishing. In these phishing attacks, a specific individual is identified (typically via social media) and then targeted by cybercriminals. In these attacks, criminals often use fake or hijacked social media accounts to engage in friendly conversations with victims, as a way of lowering their guard. Once they believe that trust has been established, the scammer will send a Microsoft Word document and ask the victim for them to review and advise. Upon opening the document, the victim will be prompted to enable macros, if they do, their system will download and install dangerous malware. In order to protect against this sophisticated phishing scam, here are some things that you can do:
- If an individual you’re talking to sends you files to download, consider if they seem out of character. Are they using the same language and grammar as usual, or does something seem off?
- Before enabling macros for a file, contact the sender via phone or text to verify who created the file, what it contains and why you need to enable macros.
Educating staff about how to detect phishing scams is one of the best lines of defence available to organisations, along with promoting vigilance and easy-to-follow guidelines. But unfortunately there is always a chance that a phishing attack will be successful, infiltrating an employee’s device or compromising a business’s website. In these instances, it’s vital that businesses have protection, which is where our CyberSafe solution can help. Our product provides businesses with a simple, robust solution for cyber liabilities, cybercrime and includes restorative support from ReSecure.
Contact us
For more information about CyberSafe Insurance or our e-trade solution, contact your NMU Development underwriter or our cyber team;
Matt Drinkwater, Cyber & Financial Lines Underwriting Manager – 07748 676262
Cliff White, Underwriter – 07971 923108
John Kellett, Underwriter – 07568 432512
About NMU
NMU is an award-winning provider of specialty insurance solutions
We are the first choice for brokers looking for specialty insurance, offering solutions that are not simply off-the-shelf, but built upon a real understanding of the risks faced by policyholders. This, together with our ability to write risks such as storage, installation, construction and exhibitions outside of the UK and offer terrorism cover on overseas property, sets us apart from the competition.
You can count on us, when you need us most! We are NMU
Our team of professionals based across the UK, provides customers with an in-depth product knowledge and a real personal service.
We provide bespoke insurance products that are not simply off-the-shelf solutions, but built upon a real understanding of the risks faced by policyholders as well as offering added value services to benefit our clients.
Our product and services range comprises:
Cargo Insurance: Marine cargo policies cover goods during import and export, including any incidental storage, as well as domestic distribution. Stock throughput polices can cater for all this plus other, intentional storage…read more
Freight Liability Insurance: Covering the liabilities to which hauliers, freight forwarders and warehouse keepers are exposed when they contract to move or store goods owned by others…read more
Engineering Insurance: Covering contractors’ all risks (CAR), erection all risks (EAR) and contractors’ plant; machinery movement (and installation), breakdown and business interruption; deterioration of stock; and electronic risks…read more
Marine Equipment Insurance: Covering remotely-operated and autonomous underwater equipment – ROVs, AUVs and the like…read more
Terrorism and Sabotage Insurance: Standalone terrorism cover can be a more flexible and cost-effective alternative to traditional placement routes…read more
Motorsport Insurance: Designed for commercial risks, our motorsport policy offers 24/7 cover for teams at all levels across all disciplines…read more
Cyber Insurance: Providing SMEs with a simple, robust solution for cyber liabilities, cybercrime and restorative support…read more
Risk Control: Whilst we pride ourselves on our claims service, there is far more benefit to policyholders in preventing loss and damage in the first place…read more
Online Facilities: To complement our award-winning service, we use online facilities to assist NMU policyholders and brokers alike…read more
Claims Management: We pride ourselves on prompt and efficient claims management, which is supported by the use of independent surveyors and adjusters to quantify larger losses and to give advice on mitigation measures…read more