Steering clear of phishing emails

Date: Thursday, 6th April 2017

A recent report from the Anti-Phishing Working Group (APWG) found that 2016 was the worst year on record for phishing, with 65% more attacks than in 2015.

(Harvard Business Review)

That trend shows no sign of slowing, with more and more phishing emails and scams being reported. Phishing is cheap to carry out and succeeds often enough to make it highly appealing to attackers.

This article aims to provide you with the necessary knowledge to spot a phishing email and keep yourself and your company safe.

What are Phishing emails?

Phishing emails are fraudulent emails that appear to come from a legitimate source such as your bank, your gas, electricity or broadband provider, or any other credible business. The aim is usually one of two things: to send you to a fake website that asks for private security information such as passwords or bank and card details, or to get you to open an attachment that infects your device with malware. That malware is designed to steal any personal or banking details saved on the device, or to hold the device to ransom until you pay a fee.

Most phishing is sent in bulk to anyone who will open it, but two targeted variants are worth knowing by name: Spear Phishing and Whaling.

Spear Phishing

Emails that target specific individuals, roles or organisations. Attackers commonly go to great lengths to find out personal details about the target so that the email seems believable.

Whaling

Similar to Spear Phishing, but aimed at high-profile individuals or businesses, such as Chief Executives or Government officials.

Who is at risk?

Anyone with an email account.

Back in January there was a scam targeting Gmail users that Mark Maunder, CEO of Wordfence (makers of the WordPress security plugin of the same name), said was fooling even “experienced technical users”.

The scam involved emails that appeared to come from someone in the victim’s own address book, carrying an image attachment made to look like a PDF. Clicking the attachment opened a page disguised as the Google sign-in page, and anyone who entered their login details handed the attackers access to their entire mailbox. The most worrying thing about this scam is that the phishing page did not trigger the browser’s HTTPS security warnings: it was loaded from a data: URI whose text in the address bar began with the genuine accounts.google.com sign-in address, so a user who glanced at the bar saw a familiar URL and no certificate warning (Somerset Live).

How to protect yourself

Be aware. There are a few things you should make common practice to protect yourself:

  • Make sure spam filtering is switched on for your mailbox. If a spam email does get through, mark it as spam and delete it, so the filter learns to catch similar mail from that sender
  • If you have any doubt about whether an email is genuine, do not hesitate to call the sender directly. Use a number you have used before or, failing that, one from their official website (typed in yourself, not reached via a link in the email), never a number from the email itself
  • Never click on links, open attachments or call phone numbers from suspicious looking emails

Banks will never ask you for passwords or other sensitive information via links in emails, and neither will most major providers. It is also unlikely that you would receive a call from them asking for personal information. If this does happen, ask what the call is regarding, then hang up and call back using the number on their official website (or on the back of your card or a recent statement) to check that the call was genuine. If the call is legitimate, they will have no issue with you doing this, since it saves both of you from falling victim to cyber-crime.

How to spot the signs

Although some phishing emails are extremely well done and therefore very hard to spot, many have one or more of the following features:

  • Poor or incorrect spelling, grammar, graphic design or image quality, including deliberate misspellings such as ‘HeLlo’ or ‘He11o’ that are meant to slip past spam filters
  • Generalised openings: if they don’t know your name it could begin with something like ‘To a valued customer’ or ‘Dear [your email address]’
  • A suspicious sender address: businesses and organisations don’t tend to write from free webmail addresses such as Gmail or Yahoo. Check the actual address, not just the display name, which a sender can set to anything; the part after the @ should be the organisation’s own domain
  • Suspicious links: hover over (or long-press) a link to see where it really leads before clicking. The visible text can say one thing while the destination is another, and a familiar name buried in a long address (for example the bank’s name placed in front of an unrelated domain) does not make it the bank’s site. Legitimate addresses are usually short and end in the organisation’s own domain
  • Signs that fraud is already under way, for example money missing from your account
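The checks in the list above, together with the data: URI trick from the Gmail scam described earlier, can be run mechanically over a raw email. The script below is an added example written for this page, not code from the article or from any of the organisations it mentions. The trusted-domain list, the webmail list, the greeting phrases and the simplified registered-domain logic are assumptions chosen for illustration, and both sample messages are constructed rather than real.

```python
# Heuristic phishing-email checker: added example, not code from the article. It runs offline
# over the constructed samples below; TRUSTED_DOMAINS, WEBMAIL_DOMAINS, GENERIC_GREETINGS and
# the crude registered_domain() are assumptions chosen for illustration.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.co.uk"}  # assumption: the brand this mailbox deals with
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
GENERIC_GREETINGS = ("dear customer", "dear valued customer", "to a valued customer")

class LinkExtractor(HTMLParser):
    """Collect (href, visible link text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    """Crude eTLD+1 (last two labels, three for co.uk-style suffixes); a real tool would use the PSL."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in {"co", "org", "gov", "ac"} and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def host_of(url):
    """Hostname of a URL; '' for plain text and for data:/javascript: URIs."""
    return (urlparse(url.strip()).hostname or "").lower()

def analyse(raw):
    """Return the phishing indicators found in one raw, single-part message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_reg = registered_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    # A bank or utility does not write from a free webmail account.
    if sender_reg in WEBMAIL_DOMAINS:
        findings.append(f"sender uses a free webmail address: {addr}")
    # The display name can claim any brand; the domain after the @ is what counts.
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    if any(b in re.sub(r"\s+", "", display.lower()) for b in brands) and sender_reg not in TRUSTED_DOMAINS:
        findings.append(f"display name '{display}' does not match sender domain of {addr}")
    body = (msg.get_payload(decode=True) or b"").decode(msg.get_content_charset() or "utf-8", "replace")
    # Generic opening instead of the recipient's name.
    plain = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", body)).strip().lower()
    if plain.startswith(GENERIC_GREETINGS):
        findings.append("generic greeting instead of the recipient's name")
    # Links: the hover check done programmatically; data:/javascript: URIs are the Gmail-scam trick.
    parser = LinkExtractor()
    parser.feed(body)
    for href, text in parser.links:
        scheme = urlparse(href.strip()).scheme.lower()
        if scheme in ("data", "javascript"):
            findings.append(f"link is a {scheme}: URI, not a website: {href[:50]}")
            continue
        host = host_of(href)
        if not host:
            continue
        reg, text_host = registered_domain(host), host_of(text)
        if text_host and registered_domain(text_host) != reg:
            findings.append(f"link text shows {text_host} but points to {host}")
        if reg not in TRUSTED_DOMAINS and any(t in host for t in TRUSTED_DOMAINS):
            findings.append(f"look-alike host {host}: trusted name embedded, real domain is {reg}")
    return findings

# Constructed samples, not real messages.
PHISHING_SAMPLE = """\
From: "Example Bank Security" <examplebank.alerts@gmail.com>
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear valued customer,</p><p>Unusual activity was detected. Please
<a href="http://examplebank.co.uk.secure-login.xyz/verify">https://examplebank.co.uk/login</a>
within 24 hours, or <a href="data:text/html,https://accounts.google.com/ServiceLogin">open
your statement</a>.</p></body></html>
"""
LEGIT_SAMPLE = """\
From: "Example Bank" <alerts@examplebank.co.uk>
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Ms Smith,</p><p>Your March statement is in online banking:
<a href="https://www.examplebank.co.uk/statements">https://www.examplebank.co.uk/statements</a></p>
</body></html>
"""
if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        print(name, "->", analyse(sample) or ["no indicators"])
```

Running the file prints six indicators for the constructed phishing message (webmail sender, display-name mismatch, generic greeting, link text pointing elsewhere, a look-alike host, and a data: link) and none for the legitimate one. The registered-domain logic is deliberately simplified; a production filter would use the Public Suffix List and would also weigh authentication results such as SPF and DKIM, which this example does not examine.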

What to do if you fall victim to it

Report it straight away. If you entered a password, change it immediately, along with any other account where you reused it; if you gave bank or card details, contact your bank. Action Fraud’s website has detailed information on how to report fraud and cyber-crime: visit www.actionfraud.police.uk/report-a-fraud/how-to-report-a-fraud.