Phishing explained

Phishing has earned its namesake by ‘luring’ people in with legitimate-looking emails, websites or advertisements and hoping that they will bite by providing the information that the criminals have requested. This is usually credit card numbers, account numbers, passwords, usernames or other valuable information.

This is often done via an email or text message. Commonly, they include a link that will appear to take you to a company’s website to fill in your information, however, it is a very clever fake. That information that you then provide goes straight into the hands of the scammer. From there, they may be able to access your email or bank accounts.

Thousands of these phishing scams are launched day in day out across the globe – but that doesn’t make them any easier to spot. Here are a few scary phishing statistics to put their success into perspective:

• 97% of users cannot identify a sophisticated phishing email
• 85% of organisations have suffered from phishing attacks
• Nearly 1.5 million new phishing websites are created each month
• 78% of people claim to be aware of the risks of unknown links in emails, yet click anyway
• SaaS and webmail services accounted for 34.7% of phishing attacks internationally

How do I spot a phishing scam?

Unfortunately, scammers are always updating their tactics in order to become ever-more convincing. There are some signs that you can look out for to help you recognise a phishing email or text message.

The aim of a phishing scam is to look like they are from a company that you know or trust, such as your bank or credit card company. They often tell a story to trick you into clicking on a link or opening an attachment. This could be:

• Letting you know that they have noticed some suspicious activity or log-in attempts
• Claiming that there is a problem with your account or payment information
• Asking you to confirm personal information
• Sending you a fake invoice
• Claiming that you are eligible for a government refund or tax rebate

Next time you receive an email like this, there are a few things that you could check. Firstly, the email address that the message has come from. No legitimate organisation will be contacting you from an ‘@gmail’ or ‘@hotmail’ account domain, or similar. Instead, they will have their own email domain which will often be the name of the company i.e. @google.com or @nationwide.co.uk. If you are unsure what a company’s domain is, you should be able to find out via a simple Google search.

And don’t be fooled by simply looking at the sender’s name. It might say the name of your bank or another familiar organisation, but if you actually check out the email address then it might not match. If it’s not a match, then you can assume that the email is part of a phishing scam.

Another thing to keep a close eye out for is copy errors within the email/text. This could be spelling errors, grammatical errors such as not including a full stop at the end of a sentence, or something very subtle like including a space before a full stop at the end of a sentence, or a capital letter where it doesn’t belong. A phishing scam may simply be poorly written and worded in a strange way that you wouldn’t expect from a legitimate organisation. This should ring alarm bells.

Examples of phishing scams

Over the years, phishing scams have evolved to take on a few different formats. Here’s a handful of the most common that you may come across:

• Standard email phishing – the most widely known form, this is an attack to attempt to steal sensitive information via an email that appears to be from a legitimate organisation
• Malware phishing – similar to above, this attack encourages the target to click a link or download an attachment. From there, malware can be installed on the device
• Spear phishing – highly-targeted, well-researched attacks generally focused on business executives, public personas and other lucrative targets
• Smishing – refers to short links to smartphone users, often disguised as account notices or prize notifications
• Vishing – involves a malicious caller pretending to be from tech support, a government agency or other organisation, trying to extract personal information such as banking or credit card details
• Pharming – a tricky one to spot, this form of phishing reroutes legitimate web traffic to a spoofed page without the user’s knowledge, often to steal valuable information
• Clone phishing – this is where your email account becomes compromised and the scammer makes changes by swapping a legitimate link, attachment or other element with a malicious one, sending it to your contacts to spread the infection
• Business Email Compromise – involves a fake email pretending to be someone from within a company requesting urgent action. This can be wiring money or purchasing gift cards. This sophisticated tactic has been estimated to have caused nearly half of all cybercrime-related business losses in 2019

How to protect your business from phishing scams

No one wants to get caught out by a phishing scam, whether you are being targeted as an individual or as part of a business. However, there are things that you can be doing – and should be doing – to protect your organisation. It’s not enough to rely on your email spam filter as scammers are always finding ways to outsmart these. Instead, you should apply extra layers of protection to make it harder for scams to reach your network, such as security software, encryption and multi-factor authentication for access.

It may seem obvious but be aware of the red flags – and make sure your employees are too. Perhaps you could offer regular training to your team to give them the responsibility to be on guard for phishing scams. Make sure you keep up to date with any new scams that emerge and how you can combat them. Treat any unexpected emails or texts with suspicion and analyse them carefully before taking any action.

The best thing you can enforce when it comes to security is prevention. Do you have a security plan in place for your business and software? If not, you should seriously consider this. Ask yourself what would happen if one of your employees was to fall for a business email compromise phishing scam. How can you avoid this?

And it’s not only your business you should worry about – what about other businesses that you rely on? Do you have a software provider that you need in order to carry out your service? External threats could break your connection with them and you may not have a contractual right to access it. In this instance, make sure you have extra protection in place with SaaS Escrow. It protects your critical cloud-based and off-premise software in the event of your hosting provider going out of business, meaning you can access what’s yours for at least three months of business continuity.

If you are interested in making SaaS Escrow part of your security business plan, then we can help. Call LE&AS today on 0800 456 1115.

The post What is a phishing scam? appeared first on LE&AS.

Cyber security

Cyber security is one of the most important elements of daily business function. It is responsible for the protection of both company and client data, and also your business-critical software. If cyber security is jeopardised, would-be hackers can infiltrate your system within minutes, rendering software defunct and bringing the biggest corporation to its knees. There are, of course, standard security measures that you should be implementing such as data encryption, high level firewalls and antivirus protection. However, the biggest threat to your cyber security is often your own employees.

Staff security

Members of your teams may have access to both your business servers and the internet through work mobile phones, tablets and laptops. Each device they hold acts like a key into your company. If lost or stolen, this key could become a powerful weapon against your business in the hands of hackers. By making your teams actively aware of the need to safeguard your company cyber security then they are far less likely to make thoughtless mistakes that can have devastating effects. IT training alongside cyber security training can go a long way in protecting your data and your business software. If an employee knows how to use a system correctly, they are unlikely to misuse it. Ideally, removable media should be limited across the company, and any sensitive information should be stored off site to eliminate the risk of data loss or corruption.

Software Security

So, what happens when your business data or business critical software is in the cloud? Software as a Service (SaaS) relies upon a consistent connection with both the host provider and software provider. Should external cyber threats interrupt or break that connection, or your providers go out of business, then you will be left with blank screen syndrome and inaccessible data. This is where SaaS escrowcomes in.

LE&AS have designed Access Assure, a SaaS escrow plan that protects your cloud-based software access. Although we cannot stop cyber threats coming to your door, Access Assure works alongside your existing Disaster Recovery plans to help maintain service continuity should your providers go out of business.  SaaS escrow offers an enhanced level of security for businesses by monitoring your SaaS provision. Access Assure detects potential risks such as cyber threats or outages that may result in your provider ceasing to trade. In the event that these risks are identified, LE&AS offer you the opportunity to review your providers while we work to uphold SaaS access for up to three months.

Don’t sacrifice your cyber security this summer, let LE&AS help you protect your business software access today. Call now on 0800 456 1115.

The post Don’t sacrifice your software security this summer appeared first on LE&AS.

When things go wrong

Ask yourself the question; what if the unthinkable happened and your technology failed today? What if you were to lose access to your Software as a Service (SaaS) or watch client data be wiped from your hard drive? How long could your business actually survive without access to emails, data and software? A matter of weeks or a matter of minutes? The cold hard fact is that if our business technology fails then our businesses will likely fail also, unless we step in and do something about it fast.

Why things go wrong

Like most things in life, business technology is not invincible, and even the most robust ICT systems can and do fail. There are many reasons for this, it could be due to hackers or human error, or it could be due to a software provider failing to complete vital updates, or going into administration. Bespoke business software is often cloud-based or accessed via a software provider who holds the source code, so should this access fail or the service be withdrawn, end users are left with redundant software or a complete loss of all client data.

What can we do about it?

Preparation is the key to overcoming a business technology crisis, and contingency plans should be included in your business plan for when things go wrong alongside strategies to help you succeed. In the event of business technology failure, you will rely on these contingency plans to regain access to, and use of your business software and data as soon as possible. Regular backups should be completed and tested, but savvy entrepreneurs will go one step further and protect their business software before a crisis hits, and this is where Software Escrow comes in.

Why Software Escrow is the solution

Software Escrow is the perfect solution to protect your business technology as it enables you to gain access to your source code quickly in the event of a crisis. At LE&AS we offer a specific SaaS escrow agreement, AccessAssure, which features built in trigger points to highlight any potential issues with the provider in advance. We work hard to help you maintain your business continuity, so let LE&AS manage your escrow and give you total peace of mind.

The post Could your business survive a technology crisis? appeared first on LE&AS.