What is Phishing?
Phishing is the attempt to obtain sensitive information such as user names, passwords and banking information. Phishing can require high levels of social engineering. Social engineering is the process that someone will use deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
The origin of Phishing comes from some of the earliest hackers that were known as Phreaks and has now come to encompass the techniques and methods that people will use to gain personal information.
What forms do Phishing Attacks take?
Phishing generally comes in the forms of Email Spoofing and instant messaging. It often directs users to enter their personal information at a fake website that matches the look and feel of the legitimate website that they are targeting.
How do we spot a Phishing Attack?
1. The email may ask you to confirm your personal information
For example, if you were to receive an email like this it’s most definitely a Phishing attack
2. The email and web address do not look genuine
For example, if you see an email like below its probably Phishing.
We are using Apple as an example
If you do receive an email like this posing as Apple you can report this email to firstname.lastname@example.org
3. It’s poorly written
This is possibly one of the easiest ways to spot a Phishing email. Here are some direct examples that you can expect to find.
4. There’s a suspicious attachment or link to one
You could receive an email that looks legitimate but if it contains suspicious-looking files its best not to click them. First, contact the organisation that claims to be contacting you and verifying the legitimacy of the email. An example of a suspicious-looking file can be as simple as a DOC or PDF.
5. The message is designed to make you panic
Often you will find that the emails are designed to make you panic or are threatening.
The email may contain claims to possess indecent photos or videos of you and threaten to send them out to family and friends or the emails may contain a threat to turn off and disable your accounts.
Often if you hover over a link you will see a tag that tells you where it is actually linking you to for example.
How to avoid them
1. Keep informed on the latest scamming techniques
You can often google what the latest scamming techniques are and this will keep you well informed and help prevent the scammers from winning.
2. Think before you click
This one is as simple as it sounds, take some common sense and think before you take any action. Is the email content spelt wrong? Does that link look different to what it should? Are you being pressured to take action or enter personal and sensitive information?
3. Check your online accounts regularly
Understandably, you cannot check all of your accounts regularly but you should at least keep updated with important accounts such as online banking, PayPal, Apple, mobile phones or anything that may be considered valuable or that you pay for.
4. Do you remember entering that contest?
If you receive an email saying that you have won a competition it may be very tempting to click whatever link that the email has but take a moment and think first, Did I enter a competition? Most likely you didn’t and even if you did it’s not likely that you would win, so remember to always check the credibility of the emails and the referring links.
5. Have the slightest doubt, don’t trust it
If you look at an email that you have received and you read through it and it seems legitimate but you still have some doubt about the email then don’t trust it, if it feels wrong its most likely wrong.
What should I do?
1. Contact the organisation
To be safe you should contact the organisation to confirm and verify that they sent the email and that it is legitimate. Ensure that the information to contact the organisation is correct and attempt to contact them via offline methods such as phoning them to ensure that you don’t accidentally end up on the scammer’s website.
2. Report the email
If you have confirmed that the email is illegitimate or suspicious you should report them directly to the authentic company. Most larger companies will have an email address that you can directly report a phishing attempt to that are using their name or information. Apple’s address is: email@example.com
Amazon’s address is: firstname.lastname@example.org
Microsoft’s address is: email@example.com
You can also report these emails to your email provider such as ITC, we can create new rules to prevent these emails as well as offer anti-phishing filters that will remove these emails and prevent them from ever reaching you.
3. Filter it
You can add the email address of anyone to different filters within your email service. One of the easier things to do is add them to a filter for spam, trash or even create a phishing folder that you can use to document these emails and report them as they come in.
What we can offer
If in doubt about any email, contact us first.
We offer mail filtering at different levels from generic spam to high security detailed anti-phishing filter. For more information contact one of our account managers.
Check our Youtube channel, we will be uploading a video edition of this blog soon!