What is phishing?
In a phishing attack, a cyber criminal seeks to trick victims into revealing sensitive information such as their name and address, their bank account or payment card details, and their user name and password for online accounts. This may all start with a fraudulent email, where the cyber criminal pretends to be someone that you know or trust such as your bank, your work, your PayPal account, or the DVLA. Because you might believe it is a legitimate message from someone you know, you are more likely to give the cyber criminal the information they want. Part of the scam may include an urgent reason for you to click on a link or phone a number and be taken through a fake authentication process to verify or unlock your account. This is the way cyber criminals steal your account information: they simply con you into giving it to them.
What is Spam?
Other than a questionable meat in a can that became a staple of wartime Britain, spam is the name given to unsolicited messages sent in bulk from a sender or a company. Just under half of all emails sent are thought to be spam, and in some estimates that could add up to around 107 billion spam emails sent out each day globally. Most spam messages are irritating advertisements, but some spam messages are harmful and contain phishing links or malware.
Malware is the collective name given to software that is designed to cause harm. Examples of malware include viruses, worms and ransomware.
NEVER CLICK ON A LINK IN AN EMAIL, SOCIAL MEDIA MESSAGE OR TEXT UNLESS YOU ARE 100% SURE IT IS SAFE AND YOU WERE EXPECTING TO RECEIVE IT.
By clicking a malicious link, you could inadvertently instigate a download of malware or ransomware to your computer or your entire home or work network.
You can reduce the amount of spam you receive in your inbox by changing your email settings. You can usually set the spam filter to low, high or very high (which only allows emails that have come from addresses recorded on a ‘safe list’).
How to identify phishing e-mails
Unfortunately, phishing e-mails in recent times have become very convincing. There is nothing to be ashamed of if you have been a victim of one of these attacks, as even large companies with cyber security departments have found themselves compromised in this way.
Here are some clues that one of your emails is a phishing attack.
E-mail subject
Always examine and review your e-mail subjects before opening them. A phishing e-mail usually wants to alert you and cause anxiety. The subjects tend to be very informal, and often have a rather non-uniform structure. If the subject or the sender is suspicious, do not open it.
It is possible to receive a con email from someone in your address book. When someone’s email account has been compromised (the user name and password are known by people who shouldn’t have them), a cyber criminal can use that person’s account to send spam to everyone in their address book. Never click on a link that you receive in an email, even if you think you know the sender.
E-mail content
If you hover over the e-mail with your mouse, a box appears showing what is in the e-mail; it will probably be text that is geared to scare the reader with some alarming news that requires urgent action. Phishing emails are usually sent out en masse and rarely use your name, instead addressing you as ‘valued customer’ or simply starting with ‘Good morning’. These are all clues that this is a scam email; delete it without further ado.
Types of Phishing Attacks
It is commonly thought that phishing occurs only in emails, but it is now being adapted to other platforms such as SMS, social media and phone calls. Anyone could fall victim to one of these scams.
Vishing
Vishing is becoming more common and takes place as a phone call. The attacker might ask you, “Were you involved in an accident?”, taking the chance that you have been. These attacks are frequently used to retrieve information for more organised groups, and any information that can be procured will help target you in a more sophisticated attack. In a vishing attack or con phone call, a criminal pretending to be a bank representative may get you to reveal your bank account details or try to deceive you into moving large sums of money to a ‘safe place’. A criminal pretending to be Microsoft may con someone into allowing them to remotely access their computer to ‘fix’ a problem. Many vulnerable people have lost their pensions and life savings to these scams, or had their computer encrypted to make it unusable unless they pay a ransom. To prevent this, only answer calls that you are expecting or from recognised callers. If you accidentally answer the phone to someone you don’t know who is asking about your life or accounts, just hang up and block the number.
Your bank would never ring you and ask you to move money.
The police would never ring you out of the blue to ask you to help solve a crime.
Smishing
Smishing is very similar to vishing, but is carried out by SMS text message. The messages will contain links or text designed to provoke a response, but do not answer them. Do not click the links; just delete the messages immediately.
Awareness is your best line of defence
If you receive an email, a text message or phone call from someone who says they are your bank or any other institution, always be suspicious. A legitimate company will never phone or email you and ask you for your passwords or bank details. If you are in doubt, delete the message and go to the company’s website and find their phone number. Call them to check that they have been in touch with you.
Antivirus software cannot help when it comes to addressing the threat of phishing. This is very much a people problem and the attackers are conmen. These conmen take advantage of busy and stressed human beings who are likely to make mistakes. They deliberately put pressure on the victim by creating some kind of urgency, telling you that your bank account is in danger, that you have a huge fine or that your PayPal account has been frozen, and then they use that emotional disturbance to push you into making a poor and rushed decision. These kinds of attacks are also known as ‘social engineering’, which means that attackers manipulate people instead of technology. The way to protect users from phishing attacks is education and awareness.
If someone unusual gets in touch with you unexpectedly and asks you to withdraw or move money, do not do anything. Instead, talk to someone about it, even if you were told to keep it a secret.
Is there somebody you know that could be vulnerable to a phishing or a vishing attack? Have a chat with them about con emails and fake phone calls and make sure they do not become the next victim of cyber crime.
As more of our information and activities go online, cyber security has become a necessary part of life that keeps us safe from crime. Just like learning anything new, it can be broken down into small steps and implemented in bite-sized chunks. Businesses of all sizes are at particular risk of cyber crime and would benefit from working towards Cyber Essentials, which is a Government-approved scheme. By implementing just five core controls that protect against most cyber attacks, businesses can ensure they are on the right track as well as demonstrating to their customers and suppliers that they are serious about cyber security.