In the last 10 years or so, remote working and working from home has surged dramatically and even more so in recent times as a result of the ongoing coronavirus pandemic with many countries in full lock down. 

In light of more and more employees having to work from home for the foreseeable future, we thought that in our latest blog article, we would provide you with 4 ways to protect your business from phishing/whaling attacks during this time. 

1) Start with the basics 

You will find that most of the time phishing scams come in a variety of different shapes and sizes but are constantly changing as we’ve seen in the recent coronavirus type scams going around. Despite the fact that the mechanics behind attacks have remained similar as the years have gone by, the warning signs to look out for still include: 

• Non-branded business email addresses – Nowadays it's very easy to setup an email address like payme@gmail.com using a free email service. 
• Badly written communications – You will find that many emails have typos, basic formatting errors or generic greetings such as ‘Hello Sir’, ‘Good Day’. 
• Scary calls to action – You will see that these pressure you to reveal personal data or transfer money, so you don’t think about what this could represent. 
• Dodgy email attachments – You will find that many of these have file extensions used to run code such as .exe, .cmd and so on. 
• No links between domain names - This is often the case when a sender contacts you from another email address for no purpose whatsoever. 
• Lack of consistent links with different destination URLs. 

2) Install anti-phishing/whaling software 

By getting your dedicated Managed Service provider to install email security software and anti-phishing features can help to improve your security, reduce the number of phishing emails that get through as well as flagging any dodgy looking ones, this can be achieved with: 

• Blacklisting domains – This means that you can stop any emails coming from certain addresses that are associated with fraudulent activity. 
• Creating spam filters – These filters can set rules to block communications that use dodgy keywords, elaborate punctuation, poor quality URLs and much more. 
• Scanning content – This helps to quickly highlight any viruses, ransomware or any other corrupted looking attachments. 
• Spoofed sender detection – This will alert recipients when they have never had any previous communications with a sender. 

3) Make sure that you use multifactor authentication 

Multifactor authentication is something that is absolutely essential in helping to protect your accounts from being compromised.  Essentially it stops information from being hijacked by putting into place multiple authentications - a secondary, one-time password sent via an app or SMS message – vs just using a simple username and password.  

4) If you see a suspicious email, do the right thing and report it! 

It is so important to report any form of phishing attack straight away as it will help to contain the spread and protect your colleagues from being targeted. 

If you have had a dodgy looking email sent to your company work email account, make sure that you immediately send it to your IT support team – either by mentioning it directly or by raising a support ticket. From this, the IT team in your organisation will be able to take steps to stop your colleagues from receiving it or responding to it. 

If you get phishing emails that look to have come from a legitimate organisation, make sure that you contact them directly to let them know that they have been impersonated online. Despite the fact that they may not be able to stop the attack, at the very least they can let their customers know straight away. 

Next Steps? 

If you are worried about potential phishing/whaling attacks then please get in touch with our team of IT experts who will be able to take you through all our tailored security solutions that are available for your business.  

If you want to receive articles similar to the above straight to your inbox, then please sign up to our mailing list.