Cyber-Risks and Liabilities: Spotting Phising Attacks

InsuNews May 26, 2022
Cyber-Risks and Liabilities: Spotting Phising Attacks

Spotting and Reporting Phising Attacks

A phishing incident is a type of social engineering attack that involves a cyber-criminal using scam emails, text messages or phone calls to deceive a victim. Phishing attacks exploit people, aiming to trick individuals into doing the wrong thing, such as clicking a suspicious link that downloads malware or steals personal information. Despite a high level of scam awareness, people still frequently fall victim to phishing incidents. According to the Department for Digital, Culture, Media & Sport, 83% of cyber-security breaches in 2021 stemmed from phishing attacks. As such, it’s essential for your organisation to remain vigilant.

A well-trained workforce is the first line of defence against phishing attacks. It’s vital that employees don’t make themselves an easy target. Remind staff to be careful when sharing personal and company information online, as cyber-criminals can use this information to tailor an attack. Consider creating a digital footprint policy describing what staff can and can’t disclose online. Additionally, train staff to spot and report phishing attacks by looking out for the following ‘red flags’:

Urgency—Messages that ask for immediate responses are often scams designed to pressurise recipients into making quick decisions before fully analysing the facts.
Emotion—Cyber-criminals regularly make false claims of support or use threatening language to instil fear into recipients
Scarcity—Some scam messages try to lure victims by offering things in short supply (eg deals on expensive goods or services).
Current events—Cyber-criminals may exploit big events or current news stories to make their scams seem more relevant.
Authority—Scammers might claim to be someone official (eg a bank or government worker). Therefore, it’s important to carefully check the sender’s details on all messages received. Often, a scam message will be sent from a public email domain rather than an official business address. If in doubt, it’s best to cross-reference the sender’s details against those displayed on the official company website.

See also  A Referral When Necessary It Can Help in Certain Cases

No matter how rigorous your phishing training is, employees may still occasionally fall victim to these attacks. Remind staff to immediately report suspicious emails and messages to the IT department. Additionally, adopt a multilayered approach to phishing defences. Organisational measures should include implementing email filtering and blocking mechanisms, utilising two-factor authentication and making sure only supported software and devices are in use.

For more information on phishing attack prevention, contact one of our risks professionals today.

Tags: , ,

More Stories

Dashboard camera in action installed on car windscreen

Be on your best behaviour . . . everything you do is caught on camera

InsuNews April 26, 2024
Why your business needs data breach insurance

Why your business needs data breach insurance

InsuNews April 25, 2024
Patons insurance staff stood together in front of a white wall wearing t-shirts with the chris's house charity logo on front

Kilted colleagues stride out for cause close to their hearts

InsuNews April 25, 2024

You may have missed

Aon outlines Q1 financials

Aon outlines Q1 financials

InsuNews April 29, 2024
Aon outlines Q1 financial results

Aon outlines Q1 financial results

InsuNews April 29, 2024
Insurance Business America reveals 2024's top workers' compensation providers

Insurance Business America reveals 2024’s top workers’ compensation providers

InsuNews April 29, 2024
light-idea

Cat bonds & ILS perhaps best diversifying hedge fund strategy of Q1 2024

InsuNews April 29, 2024
Talanx reports preliminary Q1 earnings

Talanx reports preliminary Q1 earnings

InsuNews April 29, 2024