Arm your employees against phishing

Do you need help with something?

Share this article

Articles
02 Nov 2021

Arm your employees against phishing

Phishing scams, where fraudsters pose as legitimate entities to steal personal information, continue to be a major threat to businesses. To protect themselves, employees need to be equipped with the knowledge and skills to identify these attempts and avoid falling victim. By implementing education programmes and fostering a culture of cybersecurity awareness, businesses can significantly bolster their defences against these ever-evolving online attacks.

What is Phishing?

Phishing, is a cunning online scam where fraudsters attempt to steal your personal information, such as passwords, bank details, or credit card numbers. They often do this by sending emails or text messages that appear to be from legitimate sources, like your bank or a delivery company, in an attempt to trick you into clicking on a link or handing over your information directly.

Simple tips for protecting your business against phishing

As a business, it can be challenging to keep your cybersecurity systems up to date, as fraudsters and thieves quickly adapt and exploit new protection methods.

Of the many malicious attempts, phishing is one of the most dangerous and most common threats, since it preys on human error.

It involves a cyber-criminal sending an automated email or message to a large number of recipients, disguised as:

  • a trusted person or institution

  • a colleague asking for sensitive information such as bank account number, ID card number and passwords

  • a seemingly trustworthy link

After clicking the link, the cyber-criminal can search for information and use it to steal money or blackmail the individual.

‘Spear Fishing’ messages are more targeted and customised, with the cyber-criminal pretending to be a close relative, friend or partner. These are usually delivered via email, social media or dating sites.

As remote working increases, more and more of us are using our personal mobiles for work, which has led to a rise in phishing attacks. In fact, the number of mobile phishing attacks has increased by 32% from Q4 2019 to Q1 2020.

That’s why it’s important to educate your employees about the possible threats, so they can recognise an attack when it happens.

Common types of mobile phishing attacks:

1. URL padding: when the real destination of the website is hidden by hyphens, leaving only the seemingly legitimate site visible.

267811 1.2 Arm your employees against phishing illustration v2 01 desktop

2. Tiny URLs are shortened links that lead the user to malicious content. It’s also possible to send these via SMS.

267811 1.2 Arm your employees against phishing illustration v2 02 desktop

3. Screen overlays replicate the login page of a legitimate mobile app in order to obtain a person’s username and password. This method is very effective and usually targets mobile banking and payment apps.

267811 1.2 Arm your employees against phishing illustration v2 03 desktop

4. Mobile verification can help the attacker verify that the target is a mobile device and send specific attacks to it.

267811 1.2 Arm your employees against phishing illustration v2 04 desktop

5. ‘SMS spoofing’ tricks the user to click a link by disguising themselves as a system update notification. When the user clicks on it, it intercepts emails, sensitive data or web traffic to and from the device.

267811 1.2 Arm your employees against phishing illustration v2 05 desktop

Test your ability to spot phishing with this real vs. fake mobile phishing test by Lookout.

Secure your business from a host of cyber threats with Vodafone's security solutions for businesses of all sizes.

Business Marketplace

Find free, one-to-one advice and support, tailored to your business on a range of digital topics.

Speak with a V-Hub Digital Expert

Thanks for your feedback!

Related Articles