
    8 Tips to Protect Your Employees From Email Phishing

    Published on 20 Mar 2020 by Lynne Callister

    Criminals often take advantage of a crisis by using phishing emails that appear to originate from reputable and familiar organisations. We've got some tips to keep your team safe.

    Email phishing is a technique used by cybercriminals to spread malware when a recipient clicks on a call-to-action or link in an unsolicited email. When an attack succeeds, the consequences can be devastating for your business, your customers and your reputation.

    Recent examples of email phishing

    • In the UK, individuals have been targeted by Coronavirus-themed phishing emails with infected attachments containing fictitious 'safety measures'. The scale of attacks has prompted the National Cyber Security Centre (part of GCHQ) to step in and automatically discover and remove malicious sites that serve phishing and malware.
    • The US Federal Trade Commission has reported a spike in email phishing related to the COVID-19 pandemic. A report from Digital Shadows found scammers posing as well-known and reputable organisations - including the World Health Organization and the Centers for Disease Control and Prevention.
    • In the Czech Republic, a major COVID-19 testing hub at Brno University Hospital suffered a ransomware attack that disrupted operations and caused surgery postponements. Even after a week, the Czech National Cyber Security Center and Czech law enforcement had still not fully restored digital services.
    • In Japan, cybercriminals spread the Emotet banking trojan malware by posing as the state welfare provider and distributing infected Word documents.

    Help your employees reduce the risk of email phishing

    There are no fool-proof methods to prevent phishing. But you can reduce the risk by installing anti-phishing tools and making your employees aware of the risks.

    In the workplace, employees are generally protected from malware in many ways, but even these protections are not always successful. That's why it is important to try to avoid the consequences by following a few simple guidelines.

    1. Keep your software up-to-date! It may seem obvious, but both at home and at work the first line of defence against attacks is the anti-malware software on your network or device. It takes seconds to keep it updated and mitigate the consequences of any mistake you might make.
    2. Be sceptical from the start about any email you get from a recognised brand (such as a bank, utility, shopping or tech firm) that asks you to click a link or provide your personal information or passwords.
    3. Avoid oversharing information about your position, title and where you work on social media - it can make you more susceptible as scammers can use it to make their emails more credible (e.g. "Hey I work with Julie in Accounts at X").
    4. Train yourself to recognise personal styles (e.g. how people generally communicate with you, words and phrases they use, their usual sign off, etc.) - this can help you detect impersonators.
    5. Delete any suspicious emails you get without opening them or clicking on any links, or forward them to IT for investigation - don't let your curiosity force you into an error.
    6. Don't respond to information requests from generic senders - e.g. IT, HR or Payroll.
    7. Watch out for red flags:
      - Generic greetings (e.g. Dear Customer, Dear User, Dear Colleague, Dear Friend)
      - Inconsistent or unusual sender information (e.g. email domain, sender name)
      - Poor formatting (e.g. poor quality logos, inconsistent font sizes and colours)
      - Spelling/grammar mistakes
      - Alarming content with dire warnings and claims of serious consequences, often coupled with a need to act urgently
      - Incorrect facts (e.g. locations/names)
      - Offers of financial rewards or penalties 
      - Lack of legally required links to unsubscribe etc.
    8. Finally, trust your instinct - if it sounds too good to be true, it usually is.
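For IT teams triaging the suspicious emails forwarded under tip 5, several of the red flags in tip 7 can be checked automatically. The sketch below is an added example, not part of the original article: the urgency word list, the `BRAND_DOMAINS` map and the sample message are constructed assumptions, and only the generic greetings come from the list above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Greetings come from the red-flag list; the other patterns are illustrative assumptions.
GENERIC_GREETINGS = re.compile(r"^\s*dear\s+(customer|user|colleague|friend)\b", re.I | re.M)
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|suspended|final notice|within \d+ hours?)\b", re.I)
# Hypothetical map of brand names to the domains they legitimately send from.
BRAND_DOMAINS = {"examplebank": {"examplebank.example"}}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw_email):
    """Return the sorted red flags found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload() if not msg.is_multipart() else ""
    flags = set()
    if GENERIC_GREETINGS.search(body):
        flags.add("generic_greeting")
    if URGENCY.search(body) or URGENCY.search(msg.get("Subject", "")):
        flags.add("urgent_or_alarming")
    # Inconsistent sender: the display name claims a brand the domain does not match.
    display_name = parseaddr(msg.get("From", ""))[0].lower().replace(" ", "")
    from_domain = domain_of(msg.get("From"))
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display_name and from_domain not in domains:
            flags.add("sender_name_domain_mismatch")
    # Inconsistent sender: replies are routed to a different domain.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        flags.add("reply_to_differs_from_sender")
    # Only meaningful for bulk or marketing mail; noisy for person-to-person mail.
    if "List-Unsubscribe" not in msg and "unsubscribe" not in body.lower():
        flags.add("no_unsubscribe_link")
    return sorted(flags)

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank Security" <alerts@examplebank-login.example>
Reply-To: support@mailbox.example
Subject: Urgent: your account is suspended

Dear Customer,
Verify your details within 24 hours or lose access.
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A score like this is a triage aid for ranking reported messages, not a verdict: a message with no flags can still be malicious, and legitimate mail can trip several.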
