‘Phishing’ is a technique used by cyber criminals to acquire your sensitive data, such as bank details or personal information.

Often, these criminals use scam emails, text messages or phone calls to trick their victims, posing as ‘legitimate’ businesses or trusted individuals.

And whilst phishing has been around for decades, it remains one of the most prevalent forms of cyberattack, as attacks get more sophisticated each year.

Phishing attacks can have huge detrimental financial consequences on both individuals and organisations, and can cause significant reputational damage. They can also put crucial, institutional systems at risk.

Recognise, Avoid and Report

Recognising a phishing attack is one of the best lines of defence. Aside from the usual spelling mistakes and grammatical errors, consider:

1. Is the message threatening or intimidating? (For example, ‘Your account will be closed if you do not do xyz’)
2. Are you being addressed generically, rather than personally? (For example, ‘Dear user’)
3. Are you being asked to do something unusual? (For example, download unknown software)
4. Are there discrepancies in links and/or addresses? (For example, when you hover over a hyperlink, what is the destination site? Equally, what is the sender’s email address? Are there discrepancies?)
5. Are you being asked to disclose any personal information?

Any of these examples may be indicative of a phishing attempt.

Reporting

In the first of our Cybersecurity awareness month articles shared last week, we highlighted one of the quickest ways you can report a phishing message.

In the message list, select the message or messages you want to report.

Above the reading pane, select Home > Report Message to report the message sender. This will send a notification to our Security Operations team, which will allow us to put blocks in place.

In DTS, our dedicated cybersecurity team use multi-layer phishing mitigations in place to defend against phishing attacks, including anti-spoofing controls, filtering systems, security software, MFA and real time link checking.

All staff are also expected to complete mandatory cybersecurity training each year, and report suspicious activity as a matter of priority, either by the ‘Reporting’ function in Outlook, outlined above, or via the IT Service Desk,

Should you have any questions or concerns regarding cybersecurity, please contact Mark Hewitt, Head of Cyber Security in the first instance.