This alarming statistic doesn’t appear to be slowing down, with more and more cases of phishing emails and scams being reported. The relatively low cost of carrying them out and their regularly effective outcomes make these scams highly appealing to cyber-attackers.
This article aims to provide you with the necessary knowledge to spot a phishing email and keep yourself and your company safe.
Phishing emails are fraudulent emails that appear to be from a legitimate source such as your bank, gas / electric / broadband provider or any other credible business. The aim of the email is usually one of two things: to direct you to a fake website that asks for private security information such as passwords or bank / card details, or to get you to download an attachment that infects your device with malware. That malware is designed to steal any personal or banking details you’ve saved, or to hold your device to ransom until you pay a fee.
There are generally two types: Spear Phishing and Whaling.
Spear Phishing is when the emails directly target specific individuals, roles or organisations, with attackers commonly going to great lengths to find out specific personal information to make the email seem more believable.
Whaling is similar to Spear Phishing, but is aimed at more high-profile individuals or businesses, such as Chief Executives or Government officials.
Anyone with an email account.
Back in January there was a scam targeting Gmail users that Mark Maunder, CEO of Wordfence, a security plugin for WordPress, said was even fooling “experienced technical users”.
The scam involved fake emails being sent to a person, supposedly from someone in their own address book, with image attachments that looked like a PDF file. If the person clicked on the attachment, they were directed to phishing pages disguised as the Google sign-in page. When the user then entered their login details, the hackers captured them and were able to access all of the user’s emails. The most worrying thing about this scam is that the phishing pages set up by the scammers did not appear to trigger Google’s HTTPS security warnings (Somerset Live).
Be aware. There are a few things you should make common practice to protect yourself:
Banks will never ask you for passwords or any other sensitive information via links in emails, and neither will most major providers. It is also unlikely that you would receive a call from them asking for personal information. If this does happen, ask what the call is regarding, then hang up and call back using the number on their official website to check whether the call was genuine. If the call is legitimate, they will have no issue with you doing it this way, as it saves both of you from falling victim to cyber-crime.
Although some phishing emails are extremely well done and are therefore very hard to spot, many of them have one or more of the following features:
Report it straight away. Action Fraud’s website has detailed information on how to report fraud and cyber-crime; visit www.actionfraud.police.uk/report-a-fraud/how-to-report-a-fraud.