What is Phishing?
Phishing is the fraudulent practice of sending emails in which the fraudsters pretend to be reputable companies in order to gain personal information such as passwords, phone numbers or bank details. It is a type of online scam in which criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information. This is usually done by including a link that appears to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.
How can you spot a phishing email?
Here are a few simple ways you can spot a phishing scam and ensure your private information stays private.
1 – The email address doesn’t match the company
Businesses and companies will have their own name in their email addresses, for example @TimelessIMS. If the email claims to have come from someone at Netflix and their email address ends with @gmail, it’s very likely a scam.
2 – Poor spelling and grammar
Any email you receive from a reputable company will have correct spelling and grammar 99.99% of the time. So, if the email you’ve received contains a lot of misspelt words or simply doesn’t make much grammatical sense at all, do not trust it. Especially if they’ve spelled their ‘own’ company name wrong!
3 – Suspicious attachments and links
All phishing emails will contain something called a “Payload”, which is basically an infected attachment or link. Payloads contain malware and, when opened, will release it onto the device and infect it immediately. Payloads are used to capture sensitive and private information, e.g., login details, card information, phone, or account numbers.
With suspicious links, you must always check the site address and ensure it matches the content of the email. On a computer you can see the link before clicking on it by hovering your cursor over the button. On a mobile device you can hold the button down to reveal the hyperlink. This way you can ensure it’s the correct link.
4 – The message is urgent
Scammers want to create a sense of urgency with their messages. They want to grab the recipient’s attention and focus on them opening that payload. They want individuals to react quickly and ‘urgently’ which therefore allows them no time to think. However, if you took the time to think and look at the email in depth, you’re more likely to notice the mistakes and that something doesn’t seem right.
1. Don’t click. Use your own link. If you use a product or service from the company apparently sending you the message, don’t click. Instead, navigate to the website via a browser bookmark or search engine. If the email is legitimate, you will see the same information when you log into your account on the legitimate site. This is the ONLY way to guarantee you land on the legitimate site.
2. If you use the link or phone number in an email, IM, blog, forum, voicemail, etc., where you land (or who you talk to) is their choice, not yours. The website they take you to or the “bank manager” on the phone may be a convincing copy, but if you share your information it will be stolen and abused.
3. Use a browser filtering extension. There are browser extensions that grade search engine results based on known characteristics or behaviors and may even prevent you from navigating to malicious sites. Generally, sites will be graded on a scale from safe to suspicious to high risk.
If you find you are the victim of a phishing scam, change all of your passwords immediately. Since most people use the same password for multiple sites (we hope you don’t), cybercriminals could be in the process of gaining access to your other accounts on commonly used sites.
Sign up to our managed IMS Security – DarkWeb service to monitor if your email address and passwords are available to buy on the Dark Web.