Latest News

11st july 2023

Watch out!

Recently I've noticed an increase is phishing scams. Phishing is when attackers attempt to trick or scam users into doing 'the wrong thing', such as clicking a bad link that will download malware, or direct them to a dodgy website.

In particular, I've been getting phishing emails from some of my suppliers, where their identity has been spoofed. I've received in some instances, perfectly cloned emails (see the Amazon example in the images), and others that look like they have come from a genuine source.

I'm sure most of you are scam aware, but I thought it worth sharing a few tips on how I protect myself from falling foul of these types of cyber attacks.

1. Don't click anything! Always inspect the link, you can hover over or right-mouse click and copy the hyperlink into Notepad or something similar, and then look for tell tale signs that the link is false. The most obvious one and easiest to spot is a link that points to a website that bears no relation to spoofed organisation or brand that the email is meant to be from. I've posted a couple of examples of links that are fake.

2. Look closely at the "from" address, often in the less sophisticated phishing attempts its obvious from the email address that it is not genuine.

Phishing Emails - Example
Phishing Emails - Example

Also look for spelling and grammar mistakes (although I'm not best placed to comment on this ?? )

3. Scare statics are often a good method phishing criminals use to get an instant reaction, for example alarmist email Subjects such as "your account has been suspended".

Our instant reaction is to get it sorted. Don't fall into this trap, take a moment to think, then as per #1, don't click anything until you have inspected the link and you are confident. If in doubt, simply delete the email, and login to the any customer portals you may have to check the status of your account.

4. Unbelievably, I still come across users that do not have an Anti-Virus solution installed on their machines. Tools like AVG, even the free version for non-commercial users offers significant protection to stops viruses, spyware, malware and ransomware.

These tools will help if you do accidentally click a link that takes you to a suspect site. The AV tool should block access and notify you.

5. Share with your colleagues any phishing or spoof emails, and I don't mean forward it to them! Take a screen-grab or snippet and share via your chat channels.

Go one better, if you have not done so already, setup a dedicated chat channel for alerting teams to any potential threats. My business uses slack, and we have a dedicated channel called cyber-security and use this as a heads up, its a great way of disseminating information quickly to the team.

It's imported to be educated and aware of the techniques cyber criminals use.

Hope these quick tips are of help. Remember, on a wider basis you should have formal security policies and procedures in place to protect you and your business.

Thank you!