What is phishing?
Phishing attacks fall into the category of social engineering and usually involve a cyber criminal pretending to be a trusted entity. Their aim is to trick the victim into opening a malicious email or text, with the intention of stealing user data, login credentials and debit/credit card numbers.
Phishing emails used to come from a bank you’ve never banked with, in a country you’ve never been to, and were reasonably easy to spot and ignore. Unfortunately, over time cyber criminals have become more sophisticated, and the intelligent phishing emails that now appear in your inbox can be hard to recognise.
“The internet gave us access to everything but it also gave everything access to us.”
The emails are not usually perfect, but they often include common subjects you see daily, such as invoices, password resets and polite reminders. When you are juggling numerous projects, your day-to-day tasks and last-minute deadlines, it’s easy to miss the signs that the email isn’t from who it says it’s from.
How to spot a phishing email?
When an email lands in your inbox, it should be second nature to question its authenticity, and there are a few telltale signs of a phishing email you should look out for.
- Does the email create a sense of urgency? Have you gone into panic mode because you are worried you need to action something now, making you feel like if you don’t, serious consequences will occur? Criminals will try to create a sense of urgency, meaning you are less likely to be thinking straight and will therefore miss the signs that the email is fake.
- Have you checked that the links within the email are going to where they say they should be? If you roll over the link with your mouse you will see the URL and whether you are being directed to a bogus page. It is always recommended that you use an internet search to find the page you need, for example the login page of your online banking, instead of clicking through on the link or copying and pasting it.
- Sometimes attachments can be infected with malware, so be cautious when clicking on them. If an attachment is from somebody within your organisation, pick up the phone to check if the attachment was really from them. There is no harm checking and it could prevent an attack.
- Spelling and grammar mistakes are another good way to tell a real email from a fake. Always check that the sender address is legitimate. It’s often just one letter or number that is out, so keep your eyes peeled.
“If you use the same credentials everywhere and you’ve been caught once, you’ve been caught everywhere.”
Something else to consider is your passwords and two-factor authentication (2FA). If a cyber criminal gets their hands on your email address and password and you use the same password for all of your logins, in a matter of seconds they then have access to everything. If you’re not sure, learn how to create a strong password and be sure to set up 2FA, as this gives your logins/accounts a secondary layer of protection.
Take a closer look at phishing emails
Share with your teams to help educate them on phishing emails.