Episode 5 - How to spot phishing

In this video we talk you through one of the most common ways online attackers target people - phishing.

View transcript

[Audio: Real Leader] Now you've gone through the modules so far, you might think you have all the protections sorted.

But to be tricked by one of the most common scams out there…

[Audio: Fake Leader] …all you need to do is click a link.

[Visual] Unmask Cyber Crime intro graphic - Episode 5 - How to Spot Phishing 

[Visual] Montage of the unmasked real leader flickering through different outfits to represent different business Industries Including, real estate, accounting, construction, retail, hospitality, floristry and farming. 

[Audio: Real Leader] Say you're leading a tech firm. Your team may have seen emails come through from someone who looks suspiciously like...you.

[Audio: Fake Leader] When actually…it's me.

[Audio: Real Leader] Maybe they've received a message from 'you' asking them to urgently authorize a payment, update business data, or even organize gift cards.

[Audio: Fake Leader] Guilty!

[Audio: Real Leader] Or they might receive a phone call from a strange number, asking a whole bunch of strange questions…or even questions that seem pretty innocent.

[Audio: Fake Leader] Hello, it's your bank, I just need your account number, right now... Pleassssssseeee.

[Audio: Real Leader] Or it might be a text, asking you to click a link.

[Audio: Fake Leader] Click here!

[Audio: Real Leader] These are all examples of phishing, where your team think something is coming from someone, they trust…like you.

[Audio: Fake Leader] Surprise, I am you!

[Audio: Real Leader] Any action they ask them to do is designed to undermine your security.

Clicking links, sharing personal information, sending funds in an unexpected way, and acting with urgency.

[Audio: Fake Leader] The faster the better. So, your team don’t have time to stop and think that maybe I'm not you.

[Audio: Real Leader] Sometimes, they'll change your company's email slightly.

[Audio: Fake Leader] Oh you're .co.nz? Well I'll use .com 

[Audio: Real Leader] The messages might even threaten your staff – through the pretence of being you – if they don't act on 'your' request.

[Audio: Fake Leader] ….oops.

[Audio: Real Leader] Let's have a look at some scam emails so you can recognise them.

[Visual] Graphic of a sample email from Inland Revenue appears with the scam email address highlighted to show it's from a completely different sender

Here you can see that this email address isn't even remotely connected to who it’s claiming to be from.

[Audio: Fake Leader] Hey, I tried.

[Audio: Real Leader] Or when you hover over the link it’s trying to get you to click, it suddenly appears as a much longer looking link.

[Visual] Graphic of a sample phishing email from Inland Revenue appears with link in the email highlighted to show It goes to a different scam URL than stated

[Audio: Fake Leader] It's all well and good to know what you're looking for; I won't stop sending them as you. Someone you know will click them.

[Audio: Real Leader] But

[Visual] Montage of the unmasked real leader and masked fake leader flickering through different outfits to represent different business Industries Including, real estate, accounting, construction, retail, hospitality, floristry and farming. 

[Audio: Real Leader] …all business leaders can take simple steps to protect your team from being phished. Even on the farm. 

[Audio: Fake Leader] You don't need to do that.

[Audio: Real Leader] Implement security measures like email filtering and antispam, to stop phishing emails from making their way to you.

[Visual] Graphic appears on screen - Implement email filtering and anti-spam

[Audio: Fake Leader] Don’t you want to hear from your boss?

[Audio: Real Leader] Make sure there's antivirus software on any device concerning your business, to identify those dodgy email attachments before you open them.

[Visual] Graphic appears on screen - Install antivirus software

[Audio: Fake Leader] Who you calling dodgy?

[Audio: Real Leader] Conduct regular training on phishing so your team are aware of the signs – especially as times and techniques change, and cyber security tools adapt.

[Visual] Graphic appears on screen - Run phishing training sessions

[Audio: Real Leader] Any request to alter business or payment information should always be independently verified via a different channel. Using E-Invoicing for sending invoices is a great way to send Important Information more securely.

Ask your email provider to help you enable SPF, DMARC and DKIM to stop criminals spoofing your business' email addresses.

[Visual] Graphic appears on screen:

- SPF: Sender Policy Framework

- DMARC: Domain-based Message Authentication Report and Conformance

- DKIM: Domain Keys Identified Mail

[Audio: Fake Leader] Ahhh don't reach out to them that's too much of a hassle.

[Audio: Real Leader] And that's how you can help your business avoid phishing scams. So, those are all the ways you can Unmask Cyber Crime. For more ways to protect your business from scammers like them, head to www.ownyouronline.govt.nz

[Visual] Graphic on screen ownyouronline.govt.nz

[Audio: Fake Leader] Or…don't.

[Visual] Unmask Cyber Crime graphic leading to end screen slide with Own Your Online - Learn how to protect yourself online at ownyouronlinw.govt.nz/business. 

Key takeaway

  • Protect your business and staff from phishing scams

    Phishing is the practice of sending fraudulent emails or messages with malicious links or attachments. It is one of the most commonly reported cyber incidents. Phishing poses a risk to businesses in two ways.

    1. Scammers can target individuals in your company with phishing links.
    2. They may also send out phishing emails made to look like they came from you.   

    Our guides cover ways to help protect your business and your people.

    Protect your business from being used for phishing scams

    Email scams

    Sign up to eInvoicing (external link)

How secure is your business online?

Now you’ve gone through all the modules, you are in a better position to make your business more secure online.

Complete our short online security assessment to understand how secure your business is online. We’ll then provide you with a customised action plan that, depending on your results, will cover the basics, next level protection, and even gold star status!

Business Online Security Assessment Tool 

More information

Photo of a woman in a suit wearing a mask

Watch previous episode

Episode 4: Learn how to help secure your website and social media
Watch episode 4
Envelope with letter icon

Sign up to our business newsletter

Get the latest news and alerts straight to your inbox
Sign up
Documents icon

Online security posters for your business

We've created a selection of posters for you to use within your business to help build staff awareness about online security.

Browse posters