Have you heard of phishing?
Phishing has been in the news and on social media a lot in recent months. Have you received an email from HMRC, PayPal, your bank, delivery companies like UPS, or maybe you’ve received an email claiming ‘you’ve won an iPhone!’? These are common examples of phishing emails aiming to catch you out.
What is a phishing email?
A phishing email is designed and targeted by cybercriminals or ‘hackers’ to create the illusion of a genuine email. They normally claim to be a company that does exist, but the email will not be from the genuine company. For example, they could be trying to look like a delivery company that was ‘unable to deliver your parcel’ or HMRC with ‘fraud that needs to be actioned’. These emails can look very genuine but will have dangerous consequences. Most often these emails contain a link that, when clicked, will usually ask for some sort of personal details or can place viruses or software onto your device.
How does this affect the care sector?
Nourish has noticed an increase in attempted phishing emails in the sector over the last 6 months. These emails are targeted and can look very genuine. Some phishing emails have come to us pretending to be from companies such as care providers, the NHS, HMRC, Microsoft and many more, and some have been very good copies. These emails look exactly like a message from an organisation or person you trust. Official sources should never ask you for any sensitive information via email.
What are the consequences of a phishing email?
Attacks can cause serious problems if not handled correctly or caught early. The hackers can install malware or ransomware, sabotage systems, steal intellectual property or money, and steal or lock access to data or personal information.
The cost of recovery can be very large, and that is if the attackers ever do return the property or data they have stolen or accessed. They may simply publish the information, which could lead to claims or reputational damage.
The productivity lost in recovering or recreating what was stolen or lost may also cost a company significantly.
It can cause loss of customers if trust is broken, as they may no longer trust the organisation to keep their information or customer data safe.
Fines or penalties for breaching regulatory requirements are also a factor to consider if more could have been done to prevent the attack.
How will I know if it is a phishing email?
Knowing for sure is impossible; however, some key things to look out for to identify a phishing email are:
- Bad spelling and grammar
- First time sender or an unknown contact
- Generic greeting or lack of personalisation
- Suspicious links, attachments or broken images
- A lack of context as to why a link or attachment is in the email
- Urgency or threats to do activities quickly
- Email domains that don’t look like official company domains
- An email you are not expecting to receive
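Several of the signs above can be checked mechanically before a message reaches staff. The following is an added example, not Nourish's own tooling: it flags a first-time sender, a display name that claims a brand its domain does not belong to, urgency wording, and a link whose visible text shows one site while the underlying address goes to another. The allow-list entry, the `known_senders` set, the keyword pattern and the sample message are assumptions constructed for illustration, and the sketch handles single-part HTML messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL_DOMAINS = {"hmrc": "hmrc.gov.uk"}  # assumed allow-list: brand keyword -> official domain
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within \d+ hours)\b", re.I)
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
# Constructed sample message (not a real email).
SAMPLE = ('From: "HMRC Refunds" <refunds@hmrc-refund.example>\n'
          "Subject: Urgent: fraud that needs to be actioned\nContent-Type: text/html\n\n"
          '<p>Dear customer, verify now: <a href="http://verify.hmrc-refund.example/login">'
          "https://www.gov.uk/hmrc</a></p>\n")

class LinkParser(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def triage(raw, known_senders):
    """Return the warning signs found in a single-part HTML email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"] or "")
    domain, body = addr.rpartition("@")[2].lower(), msg.get_payload()
    spoofed = any(b in name.lower() and domain != d and not domain.endswith("." + d)
                  for b, d in OFFICIAL_DOMAINS.items())
    checks = [(addr.lower() not in known_senders, "first-time sender"),
              (spoofed, "sender domain does not match claimed brand"),
              (URGENCY.search((msg["Subject"] or "") + " " + body), "urgency or threat")]
    flags = [label for hit, label in checks if hit]
    parser = LinkParser()
    parser.feed(body)
    flags += ["link text points elsewhere: " + host(href) for href, text in parser.links
              if LOOKS_LIKE_URL.fullmatch(text) and host(text) != host(href)]
    return flags
```

An empty result does not mean a message is safe; it only means none of these particular signs were present.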
What should I do if I receive a phishing email?
If you believe an email may be suspicious or phishing, first make sure that you do not click on any links or open any attachments. If you think it might not be genuine but are unsure, find a phone number for the company from another source and call to validate.
If the email is sent from a person you think you might know, contact them using another method of communication to confirm that they sent the email.
Most email providers offer an option to report suspicious emails, which allows email systems to improve their detection of phishing emails. Some providers will also filter suspected spam into a separate spam inbox.
Finally, when you suspect or think it is a phishing email, delete it from your inbox to avoid accidentally clicking or opening it in the future.
What should I do if I think I have been caught by a phishing email? e.g. clicking a link or opening an attachment in a suspicious email
First, don’t panic! Make a note of everything you can remember happening, especially any information you think they may have gathered from you during the phishing attempt.
Change any passwords as soon as you realise you may have been compromised, and also change the password anywhere else it is used.
Where possible, check the access history of the account in question to see if any new attempts have been made to access it.
If this attack was on a work or school computer, contact the appropriate person or IT Department as soon as possible in order to start working toward securing all accounts where possible.
If you shared any information, including card or bank details, contact your local police, bank and card company as soon as possible, as they will be able to stop the cards or money being taken if it is still yet to happen.
Top tips to help prevent phishing
As discussed, the consequences can be significant. However, there are ways you can protect your care service:
- Where available, set up two-factor authentication or multifactor authentication to make it harder to access your accounts with just a username and password.
- Don’t reply to emails or open any links and attachments unless you are sure of the sender and the intentions behind the email.
- Never provide personal data over the phone or through email links. Always ensure you are going through known websites, such as the bank website, if entering any personal information or details.
- Delete phishing emails, and report the sender and the emails to help protect yourself against these attacks.
- Inform colleagues and follow company procedures on passwords and information security.
- Consider setting up a phishing policy or training for employees.
Being vigilant to phishing emails, knowing what to do if you receive one, and knowing what to do if you become a victim of one are all extremely important.
To find out about Nourish’s data security management take a look at our blog.