Stay alert to the threat of Phishing

Each day, we all receive lots of emails. Whether it’s from colleagues, customers, prospects, other companies and even friends or family. But how do you know which are genuine and which could be a potential scam? 

In the recent Cyber Security Breaches Survey, 32% of UK businesses reported having a cyber security breach or attack in the last 12 months. 80% of these businesses cited Phishing as the method of attack*. 

What is Phishing? 

Phishing is one of the most common tactics used by Cyber criminals. Their objective is to try and obtain sensitive and confidential information – like log-in credentials, bank details, security questions etc – by sending an email that looks like it’s from a legitimate organisation. 

Usually the email contains links to fake websites that replicate the real ones in order to get what they want. 

It’s not always a fake website

Once a criminal has successfully hacked a system, they’ll often use emails to target others…

Recently, one of our sales managers received an email from a “broker” requesting we change the bank account details used to pay them.

The message read: 

“I just received an urgent information due to ongoing audit on our previous account details given to you, we won't be able to receive the payment on the account. Kindly hold on with the payment and I will advise our new account details shortly”

Although the email address details were correct, the sales manager was suspicious due to the unusual request and poor grammar. So he emailed the broker and asked for a password that had been used previously. 

The correct password was then provided along with new bank account details. But even though the reply had the correct password, the sales manager was unconvinced due to the style of the email. He contacted the broker by phone, who confirmed they hadn’t asked for a change of bank details. 

The vigilance of the sales manager thwarted this attack, which would have resulted in payments not being sent to the broker. The attack, which appears to have been caused by scammers who'd hacked into the broker’s email shows how we should all be alert to scams.

How can you identify a suspicious email? 

The large majority of attacks of company networks are a result of a successful Phishing email attack. Here’s some helpful guidelines to keep in mind when you suspect a malicious email:

  • Personal information - Is the email asking for personal or financial information or asking you to login online?
  • Unexpected sender – Were you expecting the email and do you recognise the sender?
  • A sense of urgency - Does the email content contain a sense of urgency? (e.g. an overdue invoice or fine)
  • Links - Do any links in the email match the organisation it’s claiming to come from? Hover over the link to reveal the true destination.
  • Attachments - Does the email contain an attachment you were not expecting?
  • Spelling mistakes - Scam emails often look odd, with poor grammar and spelling mistakes.

If you’re still unsure about the validity of the email or you believe it’s been sent with malicious intent, it’s important you:

  • Don’t reply - Even if you think you know the sender, don’t reply to an email if it seems odd.
  • Don’t open links or attachments - These can put a virus or malware on your phone or computer.
  • Call ahead and make sure its genuine – Pick up the phone and check if the person contacting you has sent the email.
  • Report – Contact your IT team immediately. 
Make sure you're up to date

It’s important to make sure that your computer systems are safe and secure. Keep them up to date with the most recent patches, use malware protection (anti-virus) and protect your internet access. 

It’s also advised you change your passwords immediately if you suspect a scammer may have access to them.

Find out more

We have a series of 'Cyber Risk' modules available on our Aviva Learning and Development Zone, to help you brush up on your knowledge. Simply search 'cyber' on the Development Zone site.

For more information about registering for Aviva's Development Zone, email devzone@rwagroup.co.uk.

*Data from Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2019 report.  

Further information on computer security can be found at the UK Government’s 10 steps to cyber security here.

If you suspect someone has hacked your computers and Aviva or customer data is at risk, please contact your Aviva representative. 

Post a comment

Please Log in to post a comment.

Log in to save this page to your favourites.