"It seemed like just another ordinary day for staff at SME vehicle hire company MNH Platinum. Little did they know that the simple click of an email link was about to threaten their entire business.
It was early last year when the UK-based firm was the victim of a virus which encrypted over 12,000 files on its company network. A ransom demand followed – the criminals would decrypt the company’s files in exchange for more than £3,000.
With the virus proving impossible to remove without the loss of crucial company data, the firm had no choice but to pay up."
(The Guardian, Feb 2016)
A single click on a bad link could lose your company thousands of pounds and put you in a very difficult situation at work. Fraudsters disguise their emails to look as though they are coming from a trusted source (like a bank or even from within the company). These phishing emails attempt to trick you into:
- Clicking on a link to visit an authentic-looking website which will either ask for personal or company details or is infected with malware (software that can harm your computer).
- Opening an attachment disguised as a normal file, such as a Word document, but which actually contains malware.
How can I avoid this?
- Never click on attachments or links in emails from unknown sources. If in doubt, contact the person or organisation the email claims to have been sent from through a different channel.
- Take your time with links in emails. Hover your cursor over the link to reveal its true destination, shown in the bottom left corner of your screen. If visiting another organisation's website to sign in, such as your bank or a supplier, go to the login page by typing the web address directly into your browser rather than following a link.
- Unsubscribing from phishing emails can also be dangerous, as the "unsubscribe" link could lead to malware.
- Watch out for emails from hacked accounts of known contacts and check their legitimacy through a phone call or different channel.
- Sometimes phishing emails may contain misspelt words, poor grammar or address you as “customer” rather than your name. However, modern fraudsters have developed their approach and the email may appear legitimate at first glance.
Get Safe Online provide further advice on email security.