‘Phishing you a merry Christmas!’ – how to spot suspicious messages

As we enter the season of goodwill, some of us will be counting down the days to some time off, maybe delaying the start of new projects until the new year. For others, it will be an exceptionally busy time and an opportunity to make up for the impact of lockdown.


Wherever you are in Wales, and whichever scenario you fall into, there are criminals who will look to take advantage of these distractions, often in the form of a phishing email. It only takes one lapse of concentration to put your organisation at risk. So, in the run-up to Christmas, it is more important than ever to be vigilant, as criminals will look to use festive season themes to deceive you and get past your defences.


The Cyber Security Breaches Survey is an official statistic which measures how UK organisations approach cyber security, and the impact of breaches and attacks. In its latest survey, phishing is identified as the most common cyber-attack. Among the 38% identifying breaches or attacks, 82% had phishing attacks, 25% were impersonated and 13% had malware (including ransomware).


Preparing your staff is critical to defending against these attacks, but only 13% of smaller businesses train staff on cyber security and 19% have tested their staff response by using a mock phishing exercise.

Some of the tell-tale signs of phishing emails are:


  • An urgent call to do something

  • Spelling errors

  • By hovering your mouse over the sender, you see an email address that differs from the one displayed

  • Requests personal / business-sensitive details

  • Unusual file type

  • Sent at an unusual time of day

  • Not addressed to a specific person

  • And often, something just doesn’t feel quite right so trust your instincts.
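For anyone who wants to see how several of these signs can be checked automatically, the following is an added example (not a tool from the Cyber Resilience Centre for Wales) that scans an email for six of them. The word lists, file extensions, working hours and the `build` helper with its sample message are all assumptions made up for illustration; spelling errors and "something doesn't feel right" are left to the reader.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime

# All word lists and thresholds below are assumptions; tune them for your own mail.
URGENT = re.compile(r"\b(urgent|immediately|act now|final notice)\b", re.I)
SENSITIVE = re.compile(r"\b(password|bank details|card number|login details)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|colleague|sir|madam)\b", re.I)
UNUSUAL_EXT = (".exe", ".scr", ".js", ".iso", ".docm")
USUAL_HOURS = range(7, 20)  # 07:00-19:59 in the time zone stated by the sender

def phishing_signs(msg):
    """Return the tell-tale signs from the list above found in an EmailMessage."""
    signs = []
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    if URGENT.search(text):
        signs.append("urgent call to act")
    # "Hover" check: the display name shows one address, the real sender is another.
    shown, actual = parseaddr(str(msg.get("From", "")))
    claimed = re.search(r"[\w.+-]+@[\w.-]+", shown)
    if claimed and claimed.group(0).lower() != actual.lower():
        signs.append("displayed sender differs from real address")
    if SENSITIVE.search(text):
        signs.append("requests sensitive details")
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if any(n.endswith(UNUSUAL_EXT) for n in names):
        signs.append("unusual file type")
    if msg.get("Date") and parsedate_to_datetime(str(msg["Date"])).hour not in USUAL_HOURS:
        signs.append("sent at an unusual time")
    if GENERIC.search(body):
        signs.append("not addressed to a specific person")
    return signs

def build(sender, subject, date, body, filename):
    """Construct a sample message with one attachment (all values are made up)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"], m["Date"] = sender, "info@business.example", subject, date
    m.set_content(body)
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

# Constructed sample, not a real message.
SUSPICIOUS = build('"accounts@supplier.example" <billing@supplier-payments.example>',
                   "URGENT: Christmas invoice overdue", "Sat, 20 Dec 2025 03:12:00 +0000",
                   "Dear customer,\nPay immediately and confirm your bank details.\n", "invoice.iso")

if __name__ == "__main__":
    for sign in phishing_signs(SUSPICIOUS):
        print("-", sign)
```

A message that trips none of these checks is not proven safe; the checks only mirror the visible signs a person would look for.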

So, what can you do as a small business? Three things to consider in the run-up to Christmas:


1. Many smaller businesses would benefit from using government guidance on best practice, but only 18% have heard of the Small Business Guide, which is the government-approved guide created specifically to help small businesses.


2. There is also the Little Book of Cyber Scams, which the Cyber Resilience Centre for Wales provides for free in Welsh and English. Download this and circulate it to your staff as a first step to raising their awareness.


3. Contact the Cyber Resilience Centre for Wales, as we can provide guidance and support to help your business protect itself against cybercrime. We don’t use jargon; we communicate in simple, easy-to-understand terms.
