Keep the phish in the sea and out of your travel and tourism business

Updated: May 6

‘Phishing’ isn’t what you do on those scenic trips out of the harbour. It’s the term for scam emails, which try to trick you into giving away your details or installing malicious software.


Every day in the UK over 156 million phishing emails are sent, 16 million of these pass the filters that are meant to stop them, leading to 8 million phishing emails still being opened.

When you’re busy – and let’s face it, this is likely to be the busiest season for a while if you’re in the UK tourist trade – it’s easy to get things wrong and give things away.


Phishing attacks are becoming increasingly difficult to spot, so it is extremely important that you are able to recognise the signs and know what to do if you think you’ve fallen victim to an attack. Once upon a time, they had bad grammar and spelling, and came from obviously fake addresses: but they’re now becoming more and more sophisticated.


You may have heard of some recent examples. Now that so many of us are doing some of our work from home, an email that says that you’ve got a company invoice to review doesn’t feel overly suspicious. But if it then takes you to a site that asks you to log on to your company account, you may well have just given away your work passwords on a fake website.


Or what about the ‘postage charges outstanding’ emails and texts which encourage you to log onto an authentic-looking courier website? If you don’t pay the fee, you’ll lose the parcel, and goodness knows that Brexit has led to a lot of unexpected postal surcharges. But if you do, then you’ll have given your payment details to a scammer.


Often, scammers will use personal information to make their communications seem more genuine. For example, if you’re one of the 11m Facebook users whose details were recently leaked, then your date of birth and phone number are out there and available for just this purpose. But if you’re publicising your birthday celebrations on social media or doing ‘fun’ quizzes which give away your personal information, then you’re making it easier for the criminals.


Here is a short video highlighting the most common things to look out for to avoid becoming a victim of a phishing attack.


Phishing can be a real risk to business, and if you have a business or charity in the South West, our police-led, not-for-profit team is here to help you, with advice and tips for free.


Every month, we’ll let you know about the latest scams that we’ve seen, and the latest guidance to avoid it. For the sake of a minute or two, that feels worth requesting, and reading. The average annual cost to a business which lost money to cybercrime last year was over £8,000. And right now, after a difficult year, many businesses just don’t have that kind of cushion in place.


So, as you shape up for what we hope will be a profitable and busy period in the tourist trade, make sure that the money coming in stays in your pockets, and doesn’t go to the criminals. Find out how we can support you with our free core membership, by visiting us at www.swcrc.co.uk/membership. We are here to help.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South West is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South West provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South West does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South West is not responsible for the content of external internet sites that link to this site or which are linked from it.