With reports of mass phishing emails purporting to be updates or providing resources regarding Coronavirus in circulation, we wanted to remind you of the steps you can take to help keep your business safe. 

What is a phishing email?

A phishing email is a type of cyber-attack carried out through email, with the intent of duping the recipient into giving away sensitive information or access to their company’s network.

Emails appear to be from trusted organisations or authorities such as health services, government or IT system providers where the attackers use malware in the form of attachments or website links. Phishing can also be carried out via telephone.

In today’s circumstances, the content of phishing emails can include Coronavirus outbreak maps, emails from suppliers regarding orders or updates, or even pretending to be your own company’s IT department or outsourced provider.

What is malware?

Malware (or malicious software) is a type of software intentionally designed to cause damage to a computer, server, client, or computer network.

Tips on identifying a phishing email:

• From email - Review the from email and subject line, do they look unusual?
• Check the greeting – If the email is from a known source it is likely that they will have your name, therefore a generic greeting can be a warning sign.
• Content - Be aware of the language, grammar and typos – how well is it written? 
• Format - Cyber criminals often mirror the branding and fonts of companies as a disguise, however there will be noticeable differences.
• Links – Hover over the links to see where it links through to, does the website URL match what the email claims?
• Email footer - Review the email footer as the information it contains can help identify a phishing email. 
• Past communications - If the phishing email is posing as a trusted organisation, consider how they have communicated with you in the past (if ever). Is it unusual for them to contact you via email? Banks for example will not ask clients for information by email or telephone.

What to do if you believe you have encountered a phishing email:

• Do not open any links or attachments included in the suspect email.
• Speak to your IT department or outsourced IT provider immediately.
• If possible, communicate with colleagues and/or marketing department to notify all colleagues of the phishing email once confirmed as harmful.

What to do if your systems have been breached:

Speak to your IT department or outsourced IT provider immediately.

If you have a cyber policy in place:

• Contact your breach response hotline with your IT department (or outsourced IT provider) immediately using the contact information included in your policy.
• Provide them with full details of what has happened.
• Contact your insurance broker who will be able to liaise with your insurer.