UNSUSPECTING staff can be the weak link causing a rising number of businesses to fall victim to email scams, a cyber security specialist has warned.
Matt Horan, director of Poole-based C3IA Solutions, has warned about the number of “phishing” messages aimed at persuading people to hand over confidential information.
Hackers purporting to be from government departments, recognisable businesses or other institutions email individuals encouraging them to click on a link.
Clicking on the link enables fraudsters to steal money, harvest personal details, gain company intelligence and disable systems.
Mr Horan, whose company is one of 14 in the country certified by the government’s new National Cyber Security Centre (NCSC), said: “This is a real security issue for businesses.
“So often it is the staff who are the weak link in any digital security set-up. They do nothing intentional but are not aware of the tricks that fraudsters use.
“Spam filters are easily bypassed by the crooks and just one click can lead to all sorts of problems; loss of data or money, infection of systems and possible malfunctions.
“If an email looks like it is from a genuine source then staff are far more likely to click on the link.
“Increasingly we are being brought in to companies to train their staff on how to recognise the warning signs.
“A bit of knowledge can go a long way and prevent real difficulties for businesses.”
Earlier this year, a report by Get Safe Online and Action Fraud said there had been a 22 per cent increase in cyber crime over 12 months, resulting in losses of more than £1billion.
C3IA Solutions has issued a list of checks people should make when receiving unexpected emails:
Does the address look like someone you know or recognise? Is it their usual address or is there a minor spelling mistake?
Hover your mouse over any embedded links to see what they say. If it is a phishing attack, there is a good chance the link will be different from that displayed.
Is the email threatening in any way, by stating something needs to be done immediately or that you will be locked out of an account if you do not click on a link?
Does the email have bad spelling or grammar?
Does it appear to be from a government agency saying you owe money or need to enter personal information?
Does the emailer use a general salutation such as “Dear customer” or “My dear friend” rather than your name?
If the email looks legitimate but you are still unsure, the company advises that you call the sender – checking that the number you’re calling is legitimate and not taken from the suspicious email.