How to identify and deal with phishing scams

Not all cyber-attacks are as sophisticated or widespread as this month’s WannaCry ransomware attack. On most occasions, cyber security breaches are in fact down to human factors. For example, the 2016 Cyber Security Intelligence Index from IBM found that 60 per cent of all attacks were carried out by insiders. Of these, three quarters had malicious intent whilst one quarter involved inadvertent actors. One of the most common ways that cyber security is compromised is through what are known as phishing emails, messages or phone calls.

In fact, a recent report by PhishMe argues that 91 per cent of cyberattacks begin with a phishing email. Phishing usually works by cyber criminals trying to convince you to install malicious software or hand over your personal information under false pretences. As a recent prank on the Barclays CEO proves, even some of the largest and best-resourced organisations are susceptible to this tactic of deception. As most companies keep confidential information about finances and products on email or computers, this article seeks to provide some tips on how to reduce the risk of cyber-attacks brought on by phishing.

How to identify phishing

Attempts at phishing can take the form of generic emails, instant messages, texts and phone calls. A type called ‘spear phishing’ is also increasingly frequent. Spear phishing is an email or electronic communication scam targeted towards a specific individual, organisation or business. Both of these types of phishing are often intended to steal data for malicious purposes by getting you to give up certain log-in details, or to install malware on a targeted computer. With so many emails and calls coming in to your business every day, how can you tell the malicious from the genuine, especially if they are targeted at you?

How to prevent phishing

  1. Treat all unsolicited emails and phone calls with scepticism

Be cautious with emails or calls that are both unsolicited and request personal information. This includes emails that appear to come from your bank, healthcare provider or credit-card company. For example, a company like 1&1 would never ask for passwords or bank details in emails.

  2. Verify any claims

Call the company that is supposedly sending the email and verify any claims or actions in the email. Of course, find the number from a trusted source like the company website and do not follow the information provided in the suspect email. Check the legitimacy of the request with them and flag it to them if somebody is impersonating them in an email.

  3. Beware of links in an email

If you are not 100% sure that an email can be trusted, then do not click on any links provided. Instead of clicking a link, open a new browser window and type the URL directly into the address bar.

  4. Keep your browser and operating system up to date

Internet browsers and operating systems often have regular security updates that address emerging security threats. Every computer system has vulnerabilities, but to make sure you are protected, these updates need to be downloaded as soon as they become available.

  5. Check your financial statements on a regular basis

If you have inadvertently entered your bank details or financial information into a website or email, any financial transactions will show up in your bank statements. Make sure to check these regularly and maintain proper accounting procedures to verify incoming and outgoing funds so that nobody has illegitimate access to your finances.

Above all, don’t panic, and remember that you can always contact your e-mail provider for advice on what to do in case of suspected phishing scams and cyber security attacks.


  1. May 31, 2017 at 1:14 pm | by Dipak Patel

    interesting blog… how are the company safeguarding their customers, when you allow hackers, with the most basic of knowledge to log into accounts with the assistance of 1 and 1 customer services helping them change the password, set up a phone pin and change the account email address… all of this and the hacker freely gives their name which is not the one on the account (they don’t even have to provide the account number)… complaints made to the customer service director results in no reply and not even an acknowledgement… very poor company and the ICO will no doubt want to investigate my security breach