Emails looking Phishy? Here’s how to keep your business safe from cybercrime in a pandemic.

28th October 2020

Every day, cybercriminals are attacking millions of homeworkers across the UK via email, SMS and calls. Any one of these attacks (named phishing, smishing and vishing) could compromise a company’s entire digital infrastructure and financial security. In April, Google reported blocking 100 million scam emails per day (18% of which were COVID-19 scams). Those were just the ones that didn’t reach users’ inboxes.

In this article, we will outline some of the greatest threats to your business in the new remote environment that we’re all adjusting to. We’ll also give you some key tips on how to keep your information and employees safe.

Phishing – What’s the Con?

Phishing emails usually purport to come from a legitimate source, such as an employer, bank or HMRC. They urge recipients to click on links directing them to web portals which have been totally manufactured by fraudsters but resemble a legitimate organisation’s website.

Recipients are then asked to enter a password into the portal, at which point an unlimited quantity of their information can be seized by cybercriminals, and malware is usually installed on their computer or mobile device.

If the recipient has access to any of your organisation’s confidential information – such as email accounts, passwords, bank details and intellectual property – all of this information will be stolen too.

How can you protect your business?

Basic phishing attacks barely resemble the legitimate organisation they purport to represent and are extremely easy to spot and avoid. However, more sophisticated attacks can present recipients with near exact replicas of legitimate communications. It is vitally important that you advise your employees to take the following steps to protect themselves (and your organisation) from phishing:

  • Check for spelling mistakes and factual inaccuracies in the email – professional communications would never contain these errors.
  • Check the sender’s email address – does it link back to a legitimate organisation’s website? For example, there is a subtle but very clear difference between Frances.Murray@rosenblatt-law.com and Frances.Murray@rosenblaat-law.com.
  • Contact the legitimate organisation in question and ask them if they have sent you the email.
  • Think about whether the email is genuine. Would the purported sender write like that? Was their email expected?
  • Remain aware that no reputable organisation will send any of your employees an unsolicited email asking for immediate electronic payment.
  • Are the emails personal? Emails beginning ‘Dear Client’ or ‘Dearest Client’ are 99.9999% likely to be from a scammer.
  • Verify any requests for a payment from your company accounts with your Accounts team.
  • Update your internal security to the highest possible standards. Poorly secured email accounts are some of the most vulnerable to phishing attacks.

You should also offer your employees specialist training to identify security threats to your business.

Smishing – What’s the Con?

Smishing is a phishing attack made by SMS rather than email. These texts often claim to come from the recipient’s mobile network provider and dispute a recent payment. During this pandemic, texts from GOV.UK have also been targeted by cybercriminals.

As so many companies make confidential information accessible through employees’ work phones, these attacks can compromise your internal security just as easily and devastatingly as fraudulent emails.

How can you protect your business?

Much of the security advice regarding phishing is also relevant for smishing texts. It is also important to consider:

  • Is the text coming from a recognised number? If the legitimate organisation would normally contact you from a different number, that is a big red flag.
  • Does the link look credible? Does the legitimate organisation’s website resemble the link? There is a huge difference between gov.uk and www.G0v732.uk.
  • Before clicking on any link, encourage your employees to email the legitimate organisation to check if the message is authorised. Phone lines could be compromised by fraudsters in one of these attacks, so communicating in writing to verify the text message is critically important.
  • Urge your employees not to reply to any text messages that they believe may be part of a scam. Everyone gets nervous when they become victims of these attacks. It is vital to remain calm and refuse to engage with the cybercriminals.
  • Encrypt any confidential information stored on or accessible through your employees’ work phones to the highest standards.

Vishing – What’s the Con?

Rejecting fraudulent phone calls has been one of the most irritating tasks for business owners and their staff for many decades. Vishing attacks are more sinister and a lot more dangerous than typical fraudulent cold calls. In one of the worst cases of vishing, £200,000 was stolen from a business.

Criminals impersonate legitimate organisations and even business owners when calling staff (usually company secretaries or members of your Accounts team). These fraudsters also hack the telephone line of the legitimate individual/organisation. An employee phones to seek authorisation for a requested payment and receives it – from the fraudsters!

Organisations as well known and trusted as Nationwide have become targets of vishing.

How can you protect your business?

Safety from vishing relies heavily on your staff remaining calm and not panicking if they receive an unsolicited call requesting payment. Ask them to:

  • Email your Accounts team to seek authorisation for any payments.
  • Email the legitimate organisation in question to check if the call is genuine.
  • Think about whether they are expecting the call. If it’s completely out of the blue – it’s almost certainly a scam.
  • Ask for details about the alleged transaction – what work has been supplied to justify the payment? When was it agreed? Who agreed it? Ask the caller for details of the project in question, before seeking authorisation for any payments.
  • Ask the caller to make their request in writing via email. Then you can see if their email address is credible. FlAmerideR71749@hotmail.uk is probably not going to be one of your clients.
  • Never phone the legitimate organisation after receiving an unsolicited call that purports to come from them and demands immediate payment. Always contact them in writing.

Insider Threat – What’s the risk?

Even the best-intentioned employees can fall victim to scams and unintentionally compromise your security. On other occasions, employees might steal any aspect of your IP or any part of your mailing lists or contact books for their own purposes. Perhaps they want to sell your information or use it to start a competing business? This is an aspect of employee relations that no employer wants to deal with.

You trust your employees and hope that they would always look after your interests, just as you look after theirs every day. However, you should always prepare for the worst-case scenario to become your worst-case reality.

How can you protect your business?

  • Provide your employees with training on staying safe online and protecting themselves from the scams mentioned above.
  • Only give your employees access to confidential information which is essential for them to work productively.
  • Protect your most sensitive information with the highest level of password-encryption.
  • Require employees accessing sensitive information to permit your IT team to monitor their activity while they are reviewing the information in question.
  • Monitor any downloads of sensitive information.
  • Make sure that your employment contracts and any associated Non-Disclosure Agreements give you swift recourse to relief (including injunctive relief) if a breach is threatened or suspected.

How will your employees know if contact from NHS Test and Trace is genuine?

  • Calls from Test and Trace come from 0300 013 5000. Calls from all other numbers claiming to represent Test and Trace are fraudulent.
  • All texts come from the protected sender ID ‘NHStracing’. Texts from all other numbers are a con.
  • Test and Trace will never contact people from a withheld number.
  • The service is free, so contact tracers will never request a payment in any communications with individuals.
  • Test and Trace will only ask your employees to disclose their recent contacts if those employees test positive for Coronavirus (COVID-19). Any calls or messages requesting these details in advance of a test are from scammers.
  • The only official website for NHS Test and Trace is https://contact-tracing.phe.gov.uk/. Any other website claiming to represent Test and Trace is not genuine.

Ultimately, implementing comprehensive training programmes and robust security, together with limiting access to sensitive information, helps your organisation to build the strongest wall of defence against this new age of cybercrime. Every organisation should remain alert to these security risks, no matter its size. Phishing, smishing and vishing attacks pose unprecedented commercial and personal risks to us all.
