Phishing
A phishing attack is a form of social engineering by which cyber criminals attempt to trick individuals by creating and sending fake emails that appear to be from an authentic source, such as a business or colleague. The email might ask you to confirm personal account information such as a password or prompt you to open a malicious attachment that infects your computer with a virus or malware.
Phishing emails are one of the most common online threats, so it is important to be aware of the tell-tale signs and know what to do when you encounter them. Here are five ways to spot phishing attacks.
The email asks you to confirm personal information
Often an email will arrive in your inbox that looks very authentic. Whether this email matches the style used by your company or that of an external business such as a bank, hackers can go to painstaking lengths to ensure that it imitates the real thing. However, when this authentic-looking email makes requests that you wouldn’t normally expect, it’s often a strong giveaway that it’s not from a trusted source after all.
Keep an eye out for emails requesting you to confirm personal information that you would never usually provide, such as banking details or login credentials. Do not reply or click any links and if you think there’s a possibility that the email is genuine, you should search online and contact the organization directly – do not use any communication method provided in the email.
The web and email addresses do not look genuine
It is often the case that a phishing email will come from an address that appears to be genuine. Criminals aim to trick recipients by including the name of a legitimate company within the structure of email and web addresses. If you only glance at these details they can look very real, but if you take a moment to actually examine the email address you may find that it’s a bogus variation intended to appear authentic ‒ for example: @mail.airbnb.work as opposed to @Airbnb.com.
Malicious links can also be concealed within the body of the email text, often alongside genuine ones. Before clicking on links, hover over each one and inspect it first.
It’s poorly written
It is amazing how often you can spot a phishing email simply by the poor language used in the body of the message. Read the email and check for spelling and grammatical mistakes, as well as strange turns of phrase. Emails from legitimate companies will have been constructed by professional writers and exhaustively checked for spelling, grammar and legality errors. If you have received an unexpected email from a company, and it is riddled with mistakes, this can be a strong indicator it is actually a phish.
Interestingly, there is even the suggestion that scam emails are deliberately poorly written to ensure that they only trick the most gullible targets.
There’s a suspicious attachment
Alarm bells should be ringing if you receive an email from a company out of the blue that contains an attachment, especially if it relates to something unexpected. The attachment could contain a malicious URL or trojan, leading to the installation of a virus or malware on your PC or network. Even if you think an attachment is genuine, it’s good practice to always scan it first using antivirus software.
The message is designed to make you panic
It is common for phishing emails to instill panic in the recipient. The email may claim that your account may have been compromised and the only way to verify it is to enter your login details. Alternatively, the email might state that your account will be closed if you do not act immediately. Ensure that you take the time to really think about whether an email is asking something reasonable of you. If you’re unsure, contact the company through other methods.
Ultimately, being cautious with emails can’t hurt. Always remember this top
Stop & Think
When in doubt, throw it out. Links in emails, social media posts and online advertising are often how cyber-criminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
The fastest way to see whether an email is what it claims to be is to check the actual email address, not just the name; you will see different information at the bottom of the page (see below). Also, if there are any links, hover over each one with your mouse and the actual website address will show up, which will most likely be different from what the link text says.
Phishing
Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.
Phishing on Social Networks
Phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.
If you have heard someone talking about spear phishing, images of pearly seas and abundant schools of fish might come to mind. However, spear phishing is also a form of social engineering that can lead to your personal information falling into the hands of the wrong people.
Spear phishing is no laughing matter. Its strength lies in its ability to affect anyone - even those within large organisations.
According to a Symantec report, five out of six companies with over 2,500 staff were specifically targeted by cybercriminals using spear phishing tactics in 2014.(1)
There have also been a number of high-profile cases. The White House was targeted by a spear phishing attack that led to sensitive information being compromised, an April 2015 CNN article reported. Interestingly, it all started when an official responded to an email launched using the State Department's account that turned out to be fraudulent.(2)
With even the most protected systems at risk, it is important to know what spear phishing is so you can stay clear and protect your interests.
What is spear phishing?
The cyber criminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.
Spear phishing is a form of targeted cyberattack that involves the use of an email crafted to look like it has come from someone within an official organisation or who is familiar to you.
In comparison to phishing - where hackers will send a number of random emails supposedly from a random or made-up bank - spear phishing involves targeted attempts to gain your personal information.
How does it work?
Spear phishing involves sending an email with fraudulent information and an array of associated links to a specific person in the hope they will open them.
The key characteristic of spear phishing is precision. Cybercriminals using this method of attack do not send out several thousand emails to random users in the hope a few victims will take the bait. Instead, they select certain groups of people that are connected in some way. For instance, they might work at the same company, visit the same websites or be serviced by the same bank.
Being able to replicate official emails or mimic the style of a specific person involves effort. It requires cyberattackers to either hack an organisation's network and acquire email templates and information about a colleague, or scour other sites such as blogs and social networking platforms for information they can use.
How can spear phishing impact me?
The end goal of spear phishing is to attain your personal information, such as your PINs, passwords and account numbers. To accomplish this, hackers will send an official-looking email with an urgent plea for your information and an authentic-sounding explanation.
Once you have clicked on the link, there are two main ways cyber criminals can gain access to your information.
They can attach malware to your browser and begin to siphon your information as you use it. For instance, if you log into your bank's online service using a browser with malware attached, the fraudsters can attain your log-in details and use them to access your bank accounts.
Additionally, the hacker's emails will contain links to fraudulent websites that if clicked on will ask you to enter specific information.
If a spear phishing attack is successful, your data could end up in the hands of criminals who may use it to take your money, acquire a credit card in your name or use your identity for larger criminal activities.
What can I do to avoid spear phishing?
There are several ways you can combat spear phishing attacks and protect your personal information from fraudulent use.
The best approach to avoiding spear phishing is through an understanding of the two primary platforms that spear phishermen use.
The most popular delivery platform is email. As such, when opening an email it is important to know the hallmarks of a phishing scam:
- If it asks for your personal information, play it safe and assume it is a phishing attack.
- If you believe the email may be a scam, phone the organisation to verify if it is an official email.
- If you do click on a link, make sure to never enter your information into the website that appears.
- If you recognise the email address, do not take this as proof it is from an official or authentic source.
- If you see a suspect email has an attachment, make sure you do not open or download it as it could be an infectious computer virus.
Social media
Social media phishing attacks are becoming more common as the number of users increases. Social networking sites have an added advantage for scammers as people tend to trust each other's posts and messages more than they would a random email. One way to address this is by utilizing the security settings most social networking sites have.
Furthermore, many social networking sites have instant messenger capabilities. This compounds the problem as it is harder to identify a phishing attack over instant messenger services than it would be in an email. To be safe, only open links that you can corroborate with the sender.


