Don’t get caught out by impersonation phishing. Make sure your protection is multi-layered.

14 May Don’t get caught out by impersonation phishing. Make sure your protection is multi-layered.

Many of our clients have been caught out by phishing attacks recently, especially impersonation phishing. 

Phishing attacks trick victims into inadvertently supplying access details to their personal or company data. This often involves revealing passwords to email cloud storage accounts.  

Phishing attacks often take the form of sophisticated emails from an apparently trusted source, innocently asking you to access a document, or verify your password. 

It‘s dangerous to assume you won’t fall victim to scams like these. You might be surprised to hear even the tech savvy can be fooled. 

Criminals adapt their methods to take advantage of human behaviour and habits. The explosion of smartphone usage twinned with the big shift to home working since Covid-19 means more and more of us are accessing our emails using web-based email accounts or via our smartphones, which can leave us more exposed to impersonation phishing.  

Always check who is behind the sender display name 

Whilst phishing attacks are unfortunately nothing new, the issue emerging here is that many of us take the display name at face value when the sender’s email address is not visible.  

Criminals can hide their actual address behind a display name that users are likely to trust such as an existing contact or well-known brand.  

Criminals are confident that many people won’t click on the display name to verify the sender’s address because they’re short of time, busy, distracted, or unaware. 

Their end-game ranges from installing malicious software on your computer, sending spam emails from your account, stealing your personal data to accessing your bank accounts.   

Multi-layered protection 

To guard against phishing attacks, your data backup and disaster recovery planning must have multiple layers: 

• Employees can unwittingly be the weakest link in your IT security. Bespoke expert simulation training that is regularly refreshed and reviewed can help protect your business, employees, and data. 
• Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA) doesn’t just rely on a password to access data, but the second layer of protection is also required. Upon successfully entering the password, users are asked to enter a unique code before access is granted. One-Time-Password (OTP) codes are generated either by a specialised app such as Microsoft’s Authenticator or via text to the user’s registered mobile phone number.  
• It may sound obvious but creating a strong password is still an essential part of keeping data safe. It’s important to realise that it often isn’t a person stealing your password, but a highly intelligent robot designed to work through chains of popular words and phrases. Educating both yourself and your employees is key to not just the importance of a strong email but also how to create one. It’s also important to have a secure system to manage the multiple passwords we all need to keep track of.  
• It’s also important to protect your business systems from cyber-attacks. Anti-virus protection, regularly updated to deal with threats as they evolve, is imperative.
  

Whilst it can feel overwhelming to keep abreast of the many ways in which you need to keep your business systems and data safe, knowledge and education can be crucial to success. 

If you would like expert advice or guidance about any of the layers of armour we have touched upon above in your fight against phishing and cyber-attacks, please get in touch. We’d love to help.