Delayed phishing and SMBs

Phishing has been a popular and effective tool used by cyber criminals for several years now. And these attacks are only becoming more complex and sophisticated in order to bypass standard security protocols. One of these more sophisticated attacks is known as delayed phishing. But what is this? And what can SMBs do to avoid these attacks? Well, here at Creative Network Solutions, we are Preston’s leading IT support and network services experts. From secure remote access services to business VoIP, we are the team you can count on. And this is our guide to everything you should know about delayed phishing and SMBs.

What is delayed phishing?

Delayed phishing is a specific type of phishing attack that involves sending what looks like an innocent or believable message to the victim with a link to a web site or an app. When sending this message, the link address is usually linking to a legitimate page or a blank page, but once the message has been sent, criminals can then change the content of the linked site, to malicious content. This could be used to pass malware into your computer network, or to collect emails addresses and passwords for later access to your company network.

The important thing about delayed phishing attacks is that the linked content does not become malicious until after the email has been sent. This means that the email will not be filtered out or identified by any anti-virus or malware detection program when it arrives in the invoice, because at this point it is “clean”.

What can companies do to prevent delayed phishing attacks?

So, if delayed phishing attacks are designed to avoid detection from software, what exactly can companies do to prevent data breaches and cyber security issues caused by these attacks? Well, there are several things your company can consider. These include:

  • Scan emails- Using an email scanning software that continues to scan emails after they have arrived in your inbox can be a great way to prevent damage from delayed phishing attempts. This will will mean that as soon as the link turns malicious, it will be flagged and identified by the software.
  • Train staff- Full and thorough staff training is essential for your team. If a delayed phishing email does land in a staff inbox, you need your staff to be able to recognize this and know what to do, as this is the last line of defense for your company. Regular staff training with up to date scenario training, as well as a full and complex procedure and policy for dealing with this can be vital.

For more information or advice about your network security, systems, or cloud solutions, why not ask the experts today, here at Creative Network Solutions.