BDO, a business consultant and tax auditor reported that six of out ten-midsized businesses in the UK were victims of fraud in 2020. The average loss of these attacks was £245,000.

More often than not, when you are targeted by a phishing attack, this is part of a coordinated cyber-attack with the goal being to extract your personal information. A trend that is currently being seen is using LinkedIn to scam businesses, the fraudsters will target those who list themselves as working for the target company on LinkedIn or that they have connections to the company.

The fraudsters are able to engage with victims using spam bots, they will send a phishing email to those identified on LinkedIn that are connections or employees and use the information they’ve gleaned to form a convincing email.

The email aims to gain the victim’s trust and lure them into giving valuable information or transferring money. Over the last few years, there have been examples of this with the Royal Mail chatbot scam, DHL Express, and Facebook Messenger.

Action Fraud produced the below video to demonstrate how easy it is for cybercriminals to find out information about you, using what you have shared online. How would you fancy ordering a coffee and having your maiden name, bank details and address written on your coffee cup?

How do I protect myself and my business?

There are some simple steps that you can take to reduce the risk of being targeted by one of these fraudsters. These include:

• Double checking the senders’ details - if you don’t recognise it DO NOT REPLY!
• Double check the email subject, were you expecting this email?
• Consider every piece of information that you share online, the less you share the better!
• If you are contacted by someone suspicious claiming to be a contact you know, use another means to contact that person rather than responding to the email/phone call.
• Install security software such as antivirus programs and spam filters to stop employees from accessing malicious websites.
• Ensure that all software is updated with the latest security patches and updates.
• Enforce password policies that ensure all passwords will include a minimum password length, numbers, and special characters to add complexity.
• Use two-factor authentication to remain in control of your accounts even if hackers compromise your accounts and systems.
• Train your employees to make sure they know how to spot the signs of a suspicious emails and other cyber-attacks. Training should be regular and not a one-off occurrence to keep the HR department happy.

Start protecting your business today with The Cyber Resilience Centre for the West Midlands

To help you to guard your business against cyber-attacks in the way you would protect your premises against fire and flood, we offer a free membership package. This is not a membership package that puts a heavy demand on you, instead, it gives you access to regular simple, easy-to-follow guidance, tools, and resources as well as the opportunity to have a jargon-free 1:1 conversation to help you understand your current business cyber-related risks.