Phishing is a type of cybercrime. It comes in the form of an email, telephone call or text message from someone claiming to be a legitimate institution. This blog explains how it happens and how to avoid being phished.
The aim is to lure you into providing personal data such as bank account information, credit card details or passwords.
Once in receipt of this information, hackers will attempt to access accounts, and they often succeed. This can result in identity theft and financial loss.
People often end up being phished by opening emails by accident. The people behind them are becoming increasingly sophisticated at plagiarising content to make the emails look legitimate, even to the well-trained eye. We have a free video guide to help here: What is phishing?
So you are probably now wondering how to avoid being phished. Firstly, you need to know what you’re looking for. Educational tools like Sophos Phish Threat can help admins teach their end-users what to look out for. You should also consider the following:
If it seems too good to be true, it probably is – The criminals aim to catch your attention. One way to do this is by showing you what seems to be a lucrative offer or using an eye-catching statement to grab your attention. It might claim you have won an iPhone, for example, or even some kind of lottery or prize. If suspicious in any way, don’t click on it.
Why the urgency? – A common tactic is to urge you to act fast because the super deal offered to you is only available for a limited amount of time. They may even say you only have a few minutes to respond or that your account will be suspended unless you immediately update your personal details. Most reliable organisations would not do this. They are legally bound to give notice before terminating an account. They should never ask you to update your details to continue with a contract, least of all over the internet. Ignore any emails asking you to do this, and if in doubt, go directly to the source via their legitimate website. DO NOT click on a link in an email.
Watch out for hyperlinks – When you hover over a hyperlink, it should show you the actual destination URL. Look out for hyperlinks that don’t relate in any way to the link text or for misspellings of what may seem like a legitimate destination.
Beware of attachments – You may come across an attachment in an email that you weren’t expecting or that doesn’t make sense. If this happens, do not open it, as in many cases it could contain a payload like ransomware or another type of virus. The only file type that is safe to click on is a .txt file.
Do you recognise the sender? – This is a tricky one, but always be on the lookout for emails where you don’t recognise the sender. If you do recognise them, are they someone you expect to hear from? Is the email written in their usual style? If alarm bells ring in any way, trust your instincts and don’t open it.
Check the spelling – Although cybercriminals are becoming increasingly sophisticated, they often slip up with spelling mistakes. These can be within the message or within a URL itself.
Please also visit the National Cyber Security Centre page on how to spot and report scam emails, texts, websites and calls.
As with anything, trust your instincts. If at all in doubt, do not click or open the email and check with the purported source directly regarding any information they may or may not require. If you’re unsure, or want help with protecting your organisation from cybercrime, drop us an email or call us on 01892 577 577. You can also get more information on how to avoid being phished and cybersecurity from our website.