Phishing - Don't Take the Bait

In this article, we look at how to stay safe and vigilant against phishing emails, fake charity websites and other malicious websites. The average cost of cyber security breaches in the last 12 months in the UK was £2,670 across all industries, and figures increase as the size of the business increases.

Phishing emails

Companies have seen an increase in malicious cyber activity which has used the war in Ukraine as a way of luring in victims. Action Fraud has warned about fake emails pretending to raise money for the casualties of the war. Activities include:

  • Selling t-shirts and using advance fee fraud – when someone asks for payment in advance for goods and services
  • Phishing emails – where an email includes a link to a malicious website
  • Emails with attachments containing malware

Many campaigns imitate, or claim to come from, organisations such as the Red Cross, and fake websites that impersonate aid organisations and contain malware (including ransomware) are prominent.

Unfortunately, major events often lead to an increase in fraudulent activity, with many new scams arising over the last two years as a result of the Covid-19 pandemic. Scammers are opportunistic and the pandemic, like the war in Ukraine, provides them with an opportunity to try to extract personal details or money from victims who may be scared or distracted, or want to donate to what they think is a good cause. Fake emails or text messages purported to be from NHS contact tracers or contained requests for money to fund PPE, medicine and sanitiser.

What you need to do

While internal security software blocks most of these threats before they reach employees, some inevitably slip through the net. All employees must remain vigilant and take the necessary precautions to protect their organisations.

Action Fraud advises employees to:

  • Be suspicious of emails that ask you to check, renew or share your logins or passwords
  • Never click on the links or attachments in suspicious emails or respond to unsolicited messages asking for personal or financial details - even if they are in the name of a charity
  • To donate online, type in the address of the charity website rather than clicking on a link
  • Be cautious when donating to an online fundraising page - fake ones are often poorly written or contain spelling mistakes
  • When donating, check the charity's name and registration number on the government's website. Charities with an annual income of £5,000 or more will be registered
  • If the email claims to be from an official source, it will likely have graphics and images. Do they look legitimate?

Cyber attacks are potentially catastrophic events for firms, and can cause financial loss, business disruption and reputational damage. The UK cybercrime rate has doubled in the past five years.

Firms must review and update their IT security policies and ensure staff are trained and provided with the information they need to detect breaches.

If you need assistance reviewing your policies and procedures, please get in touch with a member of the IHRS team. Email HRhelp@ihrsolutions.co.uk, call 01604 709509 or visit our website.  

About the author

Laura is an HR professional with 20 years’ experience in financial services, the majority of which has been within insurance. In her role with UKGI Group, Laura provides objective support to firms on employment law and HR issues. She uses her interpersonal skills and knowledge to work with firms to help them develop strong and resilient HR strategies and establish healthy organisational cultures. Laura’s clients receive personalised support with a real can-do approach.

Laura is an Associate of the Chartered Institute of Personnel and Development (CIPD). She holds a Diploma Professional Development Scheme.
