When should I forward a phishing email?

Reporting phishing attempts is a proactive way to help protect yourself and your business. Cyber criminals are becoming more sophisticated in their methods, so understanding what phishing is and how to protect yourself is becoming increasingly important.
What is a phishing email?
The term ‘phishing’ refers to cyberattacks via email that aim to trick you into visiting a website, clicking a link, or opening an attachment, which may download a virus onto your computer and steal passwords, bank details, or other valuable personal information. As our inboxes fill up on a daily basis with many benign emails, a phishing email may go unnoticed. A phishing attack can install malware, sabotage systems, or obtain intellectual property and money.
It’s important to remember that any organisation, regardless of size, can fall victim to phishing emails. You might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money), or it could be the first step in a targeted attack against your company, where the aim could be something much more specific, like stealing sensitive data. Information gathered in a targeted attack could be used in the future to target your business with a more persuasive or realistic scam, so that the attackers obtain larger amounts of money.
Are phishing emails hard to spot?
Phishing emails may be difficult to spot at first, as they are intended to look realistic and catch you off guard. Here are some things to look out for when identifying a phishing email:
- The sender’s email address is not associated with a legitimate domain name
- The email requests sensitive information (legitimate companies don’t request this via email)
- The email does not pass SPF, DKIM, or DMARC checks
- A generic greeting is used in place of a name
- The message body is full of errors
- There is a time limit or an uncharacteristic sense of urgency
- Links in the message body do not match the sender’s domain
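
Two of the checks above (the SPF, DKIM and DMARC results, and links that do not match the sender's domain) can be automated. The following is an added example, not code from the original article; the sample message and its domains are constructed, and it assumes a single-part plain-text email whose Authentication-Results header was added by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all domains are reserved examples.
SAMPLE = """\
From: "Example Bank" <security@examplebank.example>
To: user@company.example
Subject: Urgent: verify your account within 24 hours
Authentication-Results: mx.company.example; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=examplebank.example
Content-Type: text/plain

Dear customer,

Your account will be suspended. Verify now: http://login.account-check.invalid/verify
Our help pages: https://www.examplebank.example/help
"""

def auth_results(msg):
    """Return the spf/dkim/dmarc verdicts recorded in Authentication-Results.
    Only trust this header when your own receiving mail server added it."""
    verdicts = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def mismatched_links(msg, sender_domain):
    """Return link hosts that are neither the sender's domain nor a subdomain of it."""
    body = msg.get_payload()  # assumption: single-part text body
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    return sorted(h for h in hosts
                  if h and h != sender_domain and not h.endswith("." + sender_domain))

def triage(raw):
    """Return a list of human-readable findings for one raw email."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = [f"{m} check result: {r}" for m, r in auth_results(msg).items() if r != "pass"]
    findings += [f"link host {h} does not match sender domain {sender_domain}"
                 for h in mismatched_links(msg, sender_domain)]
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

An empty result does not mean the email is safe; the other signs in the list still need a human reader.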

Who should I notify about a phishing email?
If you have received a potential phishing email, you can forward it to report@phishing.gov.uk. The National Cyber Security Centre (NCSC) is a UK government organisation that has the power to investigate and take down scam email addresses and websites. Reporting a scam is free and only takes a minute. It is worth noting that sometimes a forwarded email may not reach them because it’s already recognised by spam detection services. You can also take a screenshot of the email and send it to them. You can even forward text messages to 7726 in the same way.
Never click on any links within suspicious emails. You also don’t need to forward the suspicious emails you find in your spam/junk folder.
Reporting phishing emails not only helps protect you and your business, by making you a harder target for scammers and reducing the number of scam communications you receive, but also helps protect others from cybercrime online.
If you do accidentally click on a link or attachment in a phishing email, you should report this to your IT team without delay.
For more information about reporting phishing emails, visit the Cyber Resilience Centre website: https://www.wmcrc.co.uk/post/why-it-s-helpful-to-forward-phishing-emails-but-only-to-one-email-address
Alternatively, you can contact the Sutcliffe & Co Team on 01905 21681 to discuss additional ways to safeguard your business with Cyber Essentials Certification and cyber insurance.
