How to avoid email phishing scams

According to the security software provider Malwarebytes 33% of businesses have suffered a ransomware attack in the last 12 months.

Their research also revealed that 20% of UK businesses feel they’d have no chance in stopping a ransomware attack.

But actually, there is a lot that a business can do to protect itself, especially since the majority of approaches designed to either get the recipient to share their personal bank details or to install malicious software that locks the machine until a ransom is paid.

Emails that appear to come from a bank, from HMRC (HM Revenue and Customs) or from well-known companies, even social media accounts like Facebook, often either alert you to a problem, such as a suspended account, or to your being due a refund.  The giveaway is that invariably the message will include an invitation to click on a link in the email.

The main thing to be aware of, apart from the obvious one that you may not in fact have ever used that particular organisation’s services, is that in general neither banks nor HMRC will contact you via email with such information.

Unless you have specifically set up e-mail communication with the bank or other organisation an obvious giveaway of a fake is that it will not detail account numbers but also full names and may also contain spelling mistakes or grammar oddities.

Firstly, businesses should make sure every employee is alert to the possibility of emails being fake, regardless of how authentic the branding may look, and make sure they never click on any links contained in a suspect email.

If you have any doubts, the first thing to do is to hover the cursor over the alleged sender’s email address without clicking on or tapping it.  It should reveal the detailed address, and that will usually be enough to make you suspicious.

Your can do the same with any link in the email you are invited to open. If you are still unsure, log on to the organisation’s website from elsewhere, NOT via the email and check what it says about communications security and any specific alerts mentioned in the email.

Alternatively, if an email appears to come from an organisation with which you do have dealings it is always worth a phone call to check whether it is authentic.

Finally, report or flag the email either to your email provider or the organisation named in the email and alert them to the attempted scam.