Remote working has become an established part of the business landscape with millions of employees now working from home. While it’s an opportunity for firms to downsize offices and give staff greater flexibility over how they work, it’s a shift that hasn’t gone unnoticed in the criminal world, with cybercriminals quick to target home workers with phishing attacks.
What are phishing attacks?
A phishing attack is where a cybercriminal targets a business by sending it a fake email pretending to come from a respectable source. The majority of these emails are so obviously fake that most people can spot them; some, however, are so authentic-looking that they can easily pass for genuine. When they do, the recipient may unknowingly click on links that download malware and ransomware.
In a phishing attack, the user is usually told that they need to verify some kind of information and are given a link to follow. The link, however, takes them to a fake website that looks very much like the real thing. When they log into the fake website, their username and password are stolen. The hacker will then use those credentials to gain access to the company’s system. From here, the attacker can impersonate the user in order to steal money, data and intellectual property or carry out other unwanted actions.
Training staff to spot emails
As cybercriminals become more sophisticated, it becomes more difficult to spot phishing emails. Training staff on what to look for and giving them regular reminders can massively cut down the risk of an attack being successful. Here are some of the key things to look out for:
- Impersonal greetings instead of using your name.
- Badly worded text or not quite accurate logos.
- A mismatch between the displayed name and email address. In the ‘From’ line of your email, you’ll have the following information: Sender’s Name <Sender’s Email Address>. If the name is from a recognised sender but the address is completely different, it’s probably a fake email (e.g., WHUK Support <[email protected]>).
- Invoices, receipts or shipping details for transactions that you didn’t make.
- Attachments in emails from unknown senders.
- Links that, when you hover over them with a cursor, show a destination other than the sender’s domain. To hide these destinations, phishers often use popular link-shortening services, like Bitly. Genuine businesses would have no reason for doing this.
- Requests for personal or financial information by email. To prevent customers falling victim to phishing scams, most businesses don’t ask customers to supply personal or financial data by email. Phishing scams often do.
- Demands for urgent action. Phishers will often target victims with scaremongering tactics, demanding immediate action or payments to prevent services from being cancelled or suspended. The email usually contains a ‘helpful’ button labelled ‘Update Now’, ‘Pay Now’, etc. which links directly to the scammer’s site.
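Two of the signs above, the display name/address mismatch and links that point away from the sender's domain, can also be checked automatically. The following is an added example, not code from the original article; the `TRUSTED_NAMES` table, the `whuk.example` placeholder domain, the shortener list and the sample message are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: expected domain per display name (placeholder) and shortener hosts.
TRUSTED_NAMES = {"whuk support": "whuk.example"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

class LinkCollector(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def domain_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return warning strings for a raw single-part HTML email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    warnings = []
    expected = TRUSTED_NAMES.get(name.strip().lower())
    if expected and not domain_matches(sender_domain, expected):
        warnings.append(f"display name '{name}' but address is at {sender_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            warnings.append(f"shortened link hides destination: {host}")
        elif not domain_matches(host, sender_domain):
            warnings.append(f"link points to {host}, not {sender_domain}")
    return warnings

# Constructed sample message, not a real email.
SAMPLE = """From: WHUK Support <billing@account-verify.test>
Content-Type: text/html

<p><a href="https://bit.ly/abc123">Update Now</a> or <a href="http://login.phish-site.test/verify">verify</a></p>
"""

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

Checks like these complement staff training rather than replace it: a message that passes them can still be a phishing email.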
Make browsing more secure
Many antivirus programs now come with secure browsing features that users can use. If these are activated and someone clicks on a malicious link in a phishing email, these programs can often identify the site as dangerous and give the user a warning.
As a business, it can be helpful if you provide robust antivirus software for your employees, perhaps getting a multi-user licence. This way, you can ensure everyone has the same level of protection, whether working remotely or in the office and on whatever kind of device they use to access your systems.
Protect your email with a spam filter
Using an advanced spam filter, like SpamExperts, can radically reduce the chance of falling victim to a phishing attack or a malware infection. Eliminating 99.98% of all spam, SpamExperts uses self-learning technology to identify not just existing threats, but new ones too, preventing phishing attacks from landing in your remote workers’ inboxes. It does the same for spam, virus, malware and ransomware email attacks.
Protect accounts by requiring 2FA
Even if an employee unknowingly gives away their login credentials during a phishing attack, there is much less chance of anything bad happening if you have two-factor authentication (2FA) in place for system logins. With 2FA, not only does someone need the username and password; they will also need a special code that has been sent to the employee’s phone. Unless the attacker has access to the phone, they won’t be able to log in. As the code only works for a few minutes, hackers won’t have time to make many guesses – especially if your firewall is set up to block users that make too many login errors in a short space of time.
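The short validity window and the limit on wrong guesses described above can be sketched as follows. This is an added example, not code from the original article; the `SecondFactor` class, the five-minute lifetime and the five-attempt limit are assumptions, and the lockout is enforced here in the application rather than at a firewall.

```python
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: a code is valid for five minutes
MAX_FAILURES = 5    # assumed: lock the login after five wrong codes

class SecondFactor:
    """Issue and verify short-lived one-time codes (hypothetical helper)."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # username -> (code, expiry time)
        self.failures = {}   # username -> wrong codes since last success

    def issue(self, user):
        """Create a 6-digit code; the caller sends it to the user's phone."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (code, self.clock() + CODE_TTL)
        return code

    def verify(self, user, submitted):
        """Return 'ok', 'locked', 'expired' or 'wrong'."""
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"
        code, expires = self.pending.get(user, ("", 0))
        if self.clock() > expires:
            self.pending.pop(user, None)
            return "expired"
        # Constant-time comparison; bytes avoid errors on non-ASCII input.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            self.pending.pop(user, None)    # a code can be used only once
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "wrong"
```

With these settings an attacker who holds the password gets at most five guesses at a one-in-a-million code before the login locks.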
Defend against internal email phishing
A major phishing scam over recent years, and one aimed at businesses, is to send fake internal emails that purport to come from senior staff. These often include instructions to carry out activities that put the company at risk. Some have even instructed finance teams to transfer funds to scammers’ accounts.
These risks can be avoided completely when a business makes use of email security certificates. Working in a similar way to SSL certificates, they authenticate that the sender of an email is genuine, whether that’s internal or external email, thus protecting employees, customers, suppliers and partners from phishing. They also encrypt email content so that it cannot be stolen.
With remote workers increasingly targeted by phishing attacks, it is vital that companies raise their level of protection. Hopefully, the suggestions discussed here can help you keep your remote workers more secure.