Phishing Lesson

  • What is Phishing?

Phishing is the fraudulent practice of sending fake emails that trick people into believing they are from a legitimate company or person of interest. Criminals use phishing to trick people into providing personal and sensitive information or to click on dangerous links and attachments in order to download malicious software onto their devices.

Phishing has become one of the fastest growing crime industries to date. Cyber security firms estimated that £4.6bn was stolen from British internet users in 2017 with that figure expected to be much more in the Annual Crime Report for 2018.

  • How can you prevent the risk of being Phished?

Phishing attacks are relatively easy to prevent if you know how to spot the attacks!

Criminals go to extreme lengths when creating fake emails. They do everything they can to make their fake emails look as authentic as possible in order to trick their victims. However, there are a few giveaways that can be easily spotted if you know where to look! We have listed our top 10 tips for spotting and stopping Phishing attacks!

Top 10 ways to prevent being Phished…

Number 10 – Use Credit Cards not Debit Cards

Although this does not prevent you being Phished, it is a good security habit to have in case you do get phished and find money has been taken out of your account.

Credit card companies are more likely to refund your money in the event of a hack than your bank is. You should also refrain from saving your billing information to your computer or to any websites, and never send billing information over email. If you ever need to provide anyone with your billing information, do it over the phone!

Number 9 – Does the email contain suspicious links?

A lot of emails contain links and buttons, directing you to various websites to save you the trouble of finding the specific page yourself. However, these links can cause you a whole heap of trouble if they turn out to be malicious.

You should treat all buttons and links in emails as suspicious. There’s nothing wrong with being extra cautious! The best way to find out if a link is dangerous is to hover over it. Check whether the link looks at all suspicious and whether you recognise the address. Does the link use ‘HTTPS://’?

Another way is to right-click on the link and select ‘Copy Hyperlink’. Try pasting this into Notepad so you can check the full address and make sure it is safe.

Number 8 – Does the email contain suspicious attachments?

You should treat all attachments in emails as suspicious. One click on an attachment can run malicious software on your PC, which can cause you a lot of trouble!

Things to ask yourself when you receive attachments are:

  • Am I expecting this attachment?

  • Do I know and trust the sender?

  • Do I recognise the file format?


A good habit when dealing with attachments is to call the sender to confirm that they have sent the attachment and to have them explain what it is. Don’t reply to the email asking the sender, though; of course a criminal will say it’s safe to open!

Number 7 – Does the email use good spelling and grammar?

In a work and business environment you should expect all emails to be easy to read and understand. Legitimate businesses that spend thousands of pounds on marketing teams are highly unlikely to send an email that reads badly.

When dealing with emails, make sure to read them fully to check that they sound professional. It is not uncommon for Phishing attacks to originate from foreign countries, where the senders’ English is not quite up to the standard you would expect.

Number 6 – Does the email look authentic and professional?

As mentioned earlier, businesses who spend thousands on professional marketing teams are not going to send out emails that look tacky or messy.

When dealing with emails from businesses, ask yourself the following questions: do I know or recognise the business? Does the email match the business’s other marketing, e.g. its logo and website? Have I given this business or company permission to contact me via email?

Number 5 – Does the sender request anything suspicious?

Is the sender asking you to send money to a bank account they have specified? Have they asked you to send them confidential or personal information like account credentials, addresses or billing information? If so then you should treat the email as suspicious!

Criminals use social engineering to trick users into providing personal information or to send money. In some instances they will research you and your business to help with their targeted attack. This is called spear-phishing.

If the email comes from a person or business you know, then you should call them to confirm that it was a legitimate email. There is no harm in being extra cautious when dealing with sensitive requests.

Number 4 – Can they prove that they know who you are?

Large companies when sending important information will often provide some sort of proof that they know who you are. If you have accounts set up with them, then they may provide an account number or username within the body of the email to prove that they know you and it is a legitimate email.

Once again, when unsure the best way to find out is to call the company or person directly to confirm it is a legitimate email. There’s nothing wrong with being extra cautious!

Number 3 – Check the sender’s address

The sender’s address is usually the biggest giveaway of a phishing attack. No matter how hard a criminal tries to replicate an email address, most of the time there is something that will give it away.

Check the sender’s address carefully for any suspicious characters within the domain. Criminals will add symbols or replace letters with numbers to make it look like a legitimate address. They may also sound utterly ridiculous! Would you reply to an email from ‘payment@secureamazon.org’ claiming to be Amazon? If you’re ever unsure, large companies publish a list of email addresses you can trust on their websites, so that you can be sure.

Even so, a familiar sender’s address is not always a good reason to trust a suspicious email. Criminals have found ways to spoof legitimate email addresses in recent years, and there is also the chance that the sender’s computer has malware installed which is sending out floods of dangerous emails.
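The checks in tips 9, 8 and 3 (hover to compare the real link address with what is shown, look at the attachment’s file type, and inspect the sender’s domain for swapped characters or a brand name buried in an unrelated domain) can be automated for a mailbox rule or a help-desk triage script. The script below is an added example, not part of this lesson: the sample email, the trusted-domain list, the brand words and the letter-for-digit table are all constructed for illustration, and the “registrable domain” helper is a deliberately simple approximation rather than a full public-suffix lookup.

```python
"""Added example: automate the link, attachment and sender checks from the
phishing tips. Everything below (sample email, trusted domains, brand words,
lookalike table) is constructed for illustration."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of domains the reader would recognise as legitimate (tip 3).
TRUSTED_DOMAINS = {"amazon.co.uk", "amazon.com", "example-bank.co.uk"}
# Brand names that should never appear inside an untrusted domain (tip 3).
BRAND_WORDS = {"amazon", "paypal", "hmrc"}
# Digits criminals commonly swap in for letters, e.g. amaz0n (tip 3).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "4": "a", "7": "t"})
# File types the reader is expected to recognise (tip 8).
KNOWN_EXTENSIONS = {".pdf", ".docx", ".xlsx", ".png", ".jpg"}
# Does the visible link text itself look like a web address?
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]|$)", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs: the data that hovering reveals (tip 9)."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Simplified owner-domain extraction: last two labels, or three for co.uk style."""
    parts = host.lower().split(".")
    if len(parts) >= 3 and parts[-2] in {"co", "org", "ac", "gov"} and len(parts[-1]) == 2:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def check_domain(domain, where):
    """Tip 3: digit-for-letter swaps, and brand names inside untrusted domains."""
    findings = []
    if domain in TRUSTED_DOMAINS:
        return findings
    normalised = domain.translate(LOOKALIKES)
    if normalised in TRUSTED_DOMAINS:
        findings.append(f"{where}: '{domain}' imitates trusted domain '{normalised}'")
    for brand in BRAND_WORDS:
        if brand in domain:
            findings.append(f"{where}: untrusted domain '{domain}' contains brand name '{brand}'")
    return findings


def check_link(href, text):
    """Tip 9: is the link HTTPS, and does the real address match the text shown?"""
    findings = []
    parsed = urlparse(href)
    if parsed.scheme != "https":
        findings.append(f"link '{href}' does not use HTTPS")
    host = parsed.hostname or ""
    shown = None
    if URL_LIKE.match(text):
        shown = urlparse(text if "://" in text else "//" + text).hostname
    if shown and registrable_domain(shown) != registrable_domain(host):
        findings.append(f"link text shows '{shown}' but points to '{host}'")
    findings += check_domain(registrable_domain(host), f"link '{href}'")
    return findings


def check_message(raw):
    """Run the sender, link and attachment checks over one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["from"].addresses[0].domain if msg["from"] and msg["from"].addresses else ""
    findings += check_domain(registrable_domain(sender), "sender")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                findings += check_link(href, text)
        elif part.get_filename():
            name = part.get_filename().lower()
            ext = name[name.rfind("."):] if "." in name else ""
            if ext not in KNOWN_EXTENSIONS:
                findings.append(f"attachment '{name}' has an unfamiliar file type '{ext}'")
    return findings


# Constructed sample message: it uses the lesson's own 'secureamazon.org' example.
SAMPLE_EMAIL = """\
From: Payments <payment@secureamazon.org>
To: you@example.com
Subject: Your order has been held
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please confirm your details at
<a href="http://amaz0n.com/verify">https://www.amazon.co.uk/account</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.scr"
Content-Disposition: attachment; filename="invoice.pdf.scr"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE_EMAIL):
        print("SUSPICIOUS:", finding)
```

Run on the constructed sample, the script reports five findings: the sender’s untrusted domain contains the brand name, the link is plain HTTP, the visible link text and the real address disagree, the real address is a digit-swapped copy of a trusted domain, and the attachment has an unfamiliar double extension. None of these is proof of phishing on its own; the point is that they are the same questions the tips ask, expressed as checks you can run before anyone clicks.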

Number 2 – SPAM filters and Antivirus

SPAM filters and antivirus software are crucial to every business. SPAM filters will greatly decrease the number of dangerous emails delivered to your mailbox, and make it easier for you to block senders and domains and to report attacks. Antivirus is a necessity for all businesses and can protect you if a mistake has been made. Keeping this software up to date is crucial, as it will protect your devices from the latest malware and phishing threats.


Number 1 – TAKE YOUR TIME!

The best way to spot and handle phishing attacks is to take your time. Mistakes are easily made when we rush and presume, and they can easily cause a nightmare of trouble if you get caught out.

Simply slow down and follow all the steps we have mentioned above. Double-check everything in any email, and triple-check anything that makes you even slightly suspicious. When suspicious you should take all the precautions necessary: call up the sender and confirm the email is legitimate, ask your IT team to take a look, and ask the sender questions that only the real sender would know. No matter how silly you may feel, the hassle is far less than what a successful phishing attack could cause.