How to Spot a Phishing Attack: A Guide for Liverpool Businesses

Phishing is a form of cyberattack that is extremely damaging to Liverpool businesses. Once the information is handed over, the attacker can easily gain access to your business’s entire IT network to carry out disruptive illegal activities such as the installation of ransomware or data theft. Recovery from such breaches is painful and expensive.

E2E Technologies helps Liverpool businesses to keep their networks safe. In this no-nonsense guide we will show you how to become a pro at spotting phishing attacks to avoid costly security breaches.

Common signs of phishing

Once you are familiar with the common signs of phishing, and – importantly – your teams have been fully trained to the same degree, you have taken a giant leap towards protecting your business from cybercriminals.

There are many red flags to look for:

• A request for sensitive information

It is highly unlikely that a legitimate person or organisation will request passwords or bank card details in an email or message.

• Suspicious email addresses

Look out for unusual domains. You can find the full address of a sender by hovering over the URL. The sender name on the email may be a well-known retailer, but the actual address is a personal Gmail or Hotmail account. Carefully check for misspelt brand names in the email address; just one letter can make all the difference.

• Generic greetings

A generic greeting such as Dear Subscriber, or Dear Customer is impersonal, and indicates that the sender really doesn’t know you.

• Urgent requests

One way in which phishing emails and messages work very well is by instilling fear into the reader. Threats to close accounts or issue penalties create a sense of urgency and make people react far more quickly than they should. Not enough time is given to carefully considering the safety of the response.

• Grammatical errors and spelling mistakes

Reputable people or organisations work hard to ensure there are no spelling or grammatical errors in their communications. It’s bad PR and shows a lack of care and attention. If there are spelling errors in the email or message, take time to consider its legitimacy. It is also often easy to identify when an email has been poorly translated from another language, yet it claims to be from a UK business.

Recent phishing scams in Liverpool

In the summer of 2024, a phishing scam aimed at Screwfix customers was used to lure tradespeople and businesses into completing a quick survey with a chance to win a free Stanley tool kit, saying that the offer was expiring that day.

The University of Liverpool was also subjected to a phishing scam when students received emails and messages saying they had been awarded a grant from the Department for Education. Around the same time some members of the university received an email purporting to be from its CSD Service Desk. The university issued a notice that outlined all the red flags in the email to highlight how recipients can be vigilant going forward.

Infosecurity Magazine warned of a Starbucks phishing scam in the UK that promised coffee drinkers a free Starbucks Coffee Lovers box. Action Fraud received over 900 reports of the scam within two weeks. An earlier Starbucks phishing scam regarding a coffee gift offer claimed a friend had made an order and their details had been given for a ‘special gift’.

Phishing scams are a major threat, regardless of the size or location of an organisation.

What to do if your organisation falls victim to a phishing attack

If an employee clicks on a phishing link, here are some steps you should take very quickly to try to mitigate any damage, i.e. before the cybercriminal uses the information to hack your systems.

• Don’t provide any information that the hacker wants
• Disconnect from the internet and come out of the WiFi network. This can stop malware from spreading to other devices
• Do a backup to an external hard drive or USB before any data is wiped
• Run a full scan of your antivirus software, allowing it to clean up any issues it finds
• Make all employees change their passwords to strong passwords that hackers will find difficult to guess
• If you believe you have already been hacked because of suspicious activity or you’ve been locked out of your account, check your bank statements, inform your bank and contacts, and report the crime to Action Fraud. You can also report the scam to the National Cyber Security Centre for investigation.

Liverpool businesses can avoid phishing scams and other cyber threats through robust cybersecurity

Vigilance is the key to avoiding phishing scams. All employees, whether they use your devices or their own, should be fully trained and regularly reminded about how to identify phishing attacks.

Cyberattacks come in many different forms. A preventative approach will protect your business from the activity of cybercriminals if an employee does click on a phishing link. This is where cybersecurity and safeguarding, tailored to your business’s needs, pays dividends.

Get in touch with E2E Technologies to discuss how we can help to keep your organisation safe.