When should I forward a phishing email?
Reporting phishing attempts is a proactive way to help protect yourself and your business. Cyber criminals are becoming more sophisticated in their methods so understanding what phishing is and how to protect yourself is becoming increasingly important.
What is a phishing email?
The term ‘phishing’ is used to describe cyber-attacks by email where the aim is often to make you visit a website or click on a link or an attachment, which may download a virus onto your computer, and steal passwords, bank details, or other valuable personal information. As our inboxes fill up on a daily basis with many benign emails, a phishing email may go unnoticed. A phishing attack can install malware, sabotage systems or obtain intellectual property and money.
It’s important to remember that any size of organisation can fall victim to phishing emails. You might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money), or it could be the first step in a targeted attack against your company, where the aim could be something much more specific, like stealing sensitive data. Gathering information in a targeted attack could be used in the future to target your business with a more persuasive or realistic scam so that they obtain larger amounts of money.
Are phishing emails hard to spot?
A phishing email may be difficult to spot at first as they are intended to look realistic to catch you off guard. Here are some things to look out for when identifying a phishing email:
- The sender’s email address is not associated with a legitimate domain name
- Legitimate companies don’t request you sensitive information via email
- The email does not pass SPF, DKIM, or DMARC checks
- A generic greeting is used in place of a name
- The body message is full of errors
- There is a time limit or uncharacteristic sense of urgency
- Links in the body message do not match the sender’s domain
Who should I notify about a phishing email?
If you have received a potential phishing email you can forward it to report@phishing.gov.uk. The National Cyber Security Centre (NCSC) is a UK government organisation that has the power to investigate and take down scam email addresses and websites. Reporting a scam is free and only takes a minute. It is worth noting that sometimes a forwarded email may not reach them because it’s already recognised by spam detection services. You can also take a screenshot of the email and send it to them. You can even forward text messages to 7726 in the same way.
Always remember never to click on any links within suspicious emails and also you don’t need to forward the suspicious emails you find in your spam/junk folder.
By reporting phishing email you are not only helping to protect yourself and your business as it makes you a harder target for scammers and reduce the number of scam communications you receive, it helps protect others from cybercrime online too.
If you do accidentally click on a link or attachment on a phishing email you should report this to your IT team without delay.
For more information about reporting phishing emails visit the Cyber Resilience Centre website here https://www.wmcrc.co.uk/post/why-it-s-helpful-to-forward-phishing-emails-but-only-to-one-email-address.
Alternatively, you can contact the Sutcliffe & Co Team on 01905 21681 to discuss additional ways to safeguard your business with Cyber Essentials Certification and cyber insurance.