It is not just emails that are used as a point of access

Although the use of email for the purposes of phishing is very common, it is not the only source; SMS messages, phone calls and instant messages can also be used to this end. Bearing in mind that malicious communications are progressively more difficult to detect, make sure that both you and your team are asking yourselves these questions before taking action:

  • Were you expecting the message?
  • Do you know the sender?
  • Are you being asked to click on a link, share information or download a file?

If in doubt, verify the information with a trusted source, such as an official website or telephone number stored in your list of contacts. If you fail to verify the information, report it.

Infographic: How to detect phishing

Be aware of the threats

  • Untargeted attacks: The most common type of phishing targets a large volume of people, claiming to be from a well-known brand or company, as it is more likely that the potential victim has an established relationship with them. This is one of the most commonly used techniques as part of ransomware attacks.
  • Spear phishing or targeted attacks: Este tipo de phishing se dirige a personas y roles específicos dentro de una empresa. Utilizando información disponible públicamente e ingeniería social, los ciberdelincuentes recopilan gather details about victims to create credible messages and deceive them into sharing confidential information or making a payment, as is the case in CEO fraud.

    Make it more difficult for your identity to be stolen

    Cybercriminals might also try to claim to be from your company and deceive your customers or suppliers. To help prevent this from happening:

    • Keep your communications consistent and personal, citing reference numbers, using the same font type and design, standardising employee signatures, etc.
    • Report any change in advance, so that customers and suppliers are aware, for example, if you change the email address from which you send invoices or confirm orders, informing them of the change in advance using the old address.

More tips for keeping your business safe

Protect your data and update your equipment

Online security starts with your digital devices.

Icon / Plus Created with Sketch.

Be discreet: only disclose when necessary

Everybody should know what can be made public and what cannot.

Icon / Plus Created with Sketch.

Protect and update your passwords

To safekeep your information and systems.

Icon / Plus Created with Sketch.

Report suspicious communications

That goes for you, your employees, suppliers and customers.

Icon / Plus Created with Sketch.