Phishing is still the number one way businesses get hacked. Not sophisticated zero-day exploits or advanced malware. Simple, convincing emails that trick someone into clicking a link, entering their password, or opening an attachment.
In Jersey, we see phishing attacks targeting businesses every single day. Here is how to spot them and what to do if someone in your team falls for one.
The Telltale Signs of a Phishing Email
Modern phishing emails are much more convincing than they used to be. Gone are the days of obvious spelling mistakes and Nigerian prince stories. Today's phishing emails often look identical to legitimate messages from Microsoft, banks, delivery companies, and even your own colleagues.
But there are still signs to watch for:
- Urgency: "Your account will be suspended in 24 hours" or "Immediate action required." Legitimate companies rarely create this kind of pressure.
- Sender address: the display name might say "Microsoft Support" but the actual email address is something like support@m1crosoft-alerts.com. Always check the full address.
- Links that do not match: hover over any link before clicking. If the button says "View Invoice" but the link goes to a random domain, it is phishing.
- Unexpected attachments: especially ZIP files, Office documents with macros, or PDFs from unknown senders.
- Requests for credentials: no legitimate service will ask you to "verify your password" by clicking a link in an email.
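The sender-address and link checks from the list above, as an added Python example that is not part of the original article: it flags a display name that claims a brand while the address uses another domain, and links whose real destination is outside the domains you expect. The brand table, the trusted-domain list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: brands your users receive mail from, and domains you expect links to use.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}
TRUSTED_LINK_DOMAINS = {"microsoft.com"}
# Constructed sample message; billing.example.net stands in for a "random domain".
SAMPLE = '''From: "Microsoft Support" <support@m1crosoft-alerts.com>
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended in 24 hours.</p>
<a href="http://billing.example.net/inv">View Invoice</a>
<a href="https://www.microsoft.com/privacy">Privacy</a>
'''

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def under(host, domains):
    # True if host is one of the domains or a subdomain of one.
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    name, domain = sender.display_name.lower(), sender.domain.lower()
    findings = [f"display name claims {brand} but address domain is {domain}"
                for brand, ok in BRAND_DOMAINS.items()
                if brand in name and not under(domain, ok)]
    parser = LinkCollector()
    body = msg.get_body(preferencelist=("html",))
    parser.feed(body.get_content() if body is not None else "")
    for text, href in parser.links:  # the automated version of "hover before clicking"
        host = (urlsplit(href).hostname or "").lower()
        if not under(host, TRUSTED_LINK_DOMAINS):
            findings.append(f"link '{text}' goes to {host}")
    return findings
```

Calling `check_message(SAMPLE)` returns two findings: the display-name mismatch and the "View Invoice" link; the link to www.microsoft.com is not flagged.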
Real Examples We Have Seen in Jersey
Here are some of the most common phishing attacks targeting Jersey businesses:
- Microsoft 365 login page: an email claiming your password has expired, linking to a fake Microsoft login page that captures your credentials
- CEO fraud: an email apparently from your CEO or director, urgently requesting a bank transfer or gift card purchase
- Shared document notification: a fake SharePoint or OneDrive sharing notification that leads to a credential harvesting page
- Invoice phishing: a realistic-looking invoice from a "supplier" with a link to "view the full invoice"
What to Do If Someone Clicks
It is going to happen eventually. No matter how well-trained your team is, someone will click a phishing link at some point. What matters is how quickly you respond.
- Change the password immediately: if they entered credentials on a fake page, change the password for that account right away
- Enable multi-factor authentication: if it is not already enabled, this prevents attackers from using stolen credentials
- Check for forwarding rules: attackers often set up email forwarding rules to silently copy emails to an external address
- Scan for malware: if they downloaded an attachment, run a full security scan on their device
- Report it: let your IT team (or us) know immediately so we can check for any wider compromise
How to Protect Your Business
The best defence is a combination of technology and awareness:
- Email filtering: advanced email security that catches phishing before it reaches inboxes
- Multi-factor authentication: even if credentials are stolen, attackers cannot get in without the second factor
- Security awareness: regular reminders and examples so your team stays vigilant
- Incident response plan: everyone should know what to do if they suspect a phishing email
Our cybersecurity services include email security, phishing protection, and incident response for Jersey businesses. We also provide IT support that includes security awareness guidance for your team.
Think your business might be vulnerable? Get in touch for a free security assessment.



