Scammers and cyber criminals use every tool they can to access data and gain control of computers and mobile devices.

That means businesses and employees must be on guard constantly, treating every email, every phone call and even text message with extreme caution.

Here are some of the techniques they use and how to avoid falling victim to them

Email phishing

Phishing scams try to trick you, and sadly, many people fall for them, getting their passwords, account details and business data stolen.

They may pretend to be from your bank or a company you know and trust; that is why it is good practice to treat every email with suspicion, especially those claiming to have noticed suspicious activity in your account or asking for personal information, as well as those asking you to click links.

In the case of ‘spear phishing’, these emails will appear to be targeted at you.

How to protect yourself and your business from phishing and Spear Phishing scams:

  • Protect your devices with security software (and set it to update automatically)
  • Protect your accounts by using multi-factor authentication; this can either be something you have, such as a passcode sent to you via a security key or something you are, like a fingerprint scan, retina or facial scan.
  • Back up your data regularly to a trusted cloud-based storage solution or an external hard drive.


Whaling is similar to phishing but aimed at the highest members of an organisation, such as executives and senior managers, particularly those in financial and payment-related businesses.

A Whaling attack can be well-researched and sophisticated, containing personal information, a sense of urgency and often a solid understanding of the industry’s technical terms and tone. They can cause devastating damage to a company’s reputation.

How to protect yourself and your business from whaling attacks:

  • Training and awareness at the highest level
  • More training and awareness, including regular refresher courses
  • Flag emails that are not from your network automatically
  • Consider making social media profiles private
  • Invest in data loss prevention measures and protocols


Do we treat the danger of SMS or text-based ‘smishing’ with the same levels of diligence as we might with email phishing? Many might not and fall prey to revealing personal information such as credit card numbers and passwords or downloading malicious programs to their work mobile devices.

How to protect yourself and your business from smishing attacks:

  • Treat so-called urgent security alerts, offers and deals with extreme caution
  • Remember, no reputable company will ever ask you to confirm banking details, ATM pin codes or account information via text message.
  • Avoid storing bank details on smartphones; if the information isn’t there, it can’t be stolen.
  • Be wary of unfamiliar or suspicious-looking numbers


Vishing or voice calls are one of the most widely used methods by fraudsters looking to access data, bank details and personal information.

Many scammers are incredibly good at gaining confidence; combine that with an exponential rise in remote working and the ease with which scammers can access basic information about any of us, and it is easy to see why so many are caught off-guard and fall prey to the (friendly) voice on the end of our phones.

How to protect yourself and your business from vishing attacks:

  • Calls from your bank or official agency are a mobile number; it is almost always a reason to be suspicious
  • Check the number even if it appears to be genuine. An automated caller ID is no guarantee of a legitimate call.
  • If the caller asks for money, mentions a deadline or tries to ask about confidential information, that is a sign of vishing.
  • Refuse to install software on your devices to fix an alleged problem if prompted to do so

If you would like to learn more about how to make your business stronger against the threat of cybercrime and data theft, I’d love to help. Get in touch today to schedule a free chat.

Try our quiz