- Because intruders in your inbox can be difficult to spot
- Because Phishing attacks can cost companies millions per year
- Because identifying scam emails can prevent you or your company from falling victim to an attack
Whether you are an employer that stores proprietary data or an individual with financial and personal information online, you are at risk from cyber-attackers, whose methods continue to evolve daily.
What is Phishing?
This attack is a simple one that requires minimal technical know-how and can be deployed from anywhere in the world as a standard email to your inbox.
Attackers use phishing to obtain a target's personal information by sending a scam email that pretends to be from a trusted company or person and asks the target to provide sensitive information, which is then used for financial gain.
They use fraudulent emails and websites designed to look legitimate in order to trick individuals and gain account passwords and details.
Phishing exploits human error and misjudgement, unlike traditional cyber-attacks, which aim to target digital defences and firewalls.
The Phishing message will likely include alarming or suggestive language to fool victims into:
- Clicking a link
- Opening a document
- Installing software (e.g. malware)
- Entering their account details into a fraudulent website that’s made to look legitimate
Doing any of the above can infect a computer and lead to sensitive information being stolen.
Research has revealed that almost 40% of UK organisations experience a phishing attack every year. Even very large companies such as Facebook or Google can be successfully scammed, with the tech giants phished for over £76 million each in 2017.
Typically, in a traditional phishing attack, a scammer sends the fraudulent email to as many people as possible. Although these attacks are effective, their broad nature can make them easy for a trained eye to spot. Spear Phishing attacks are a lot more targeted and sophisticated and can be a lot more convincing.
With Spear Phishing the scammer narrows the scale of who they target with fraudulent emails. The cyber-criminal uses research into the individual’s online activity and profile to make more personalised bait.
Although the criminal targets a smaller group of people, their highly customised attacks are far more likely to succeed, as an individual is a lot more likely to believe the email is legitimate.
Phishing vs. Spear Phishing
Example of a Phishing email:
Our records indicate that your billing information is out of date. To avoid late charges on your account, please update your information at this link.
Apple Customer Services
Example of a Spear Phishing email:
John – I need an iTunes gift card as a present for a client, can you get some at the store? Let me know to advise denomination to purchase – Thanks!
Tele. 5555 555
Spotting an Attack
When trying to identify a Phishing scam, it is best to be over-cautious. Whilst the identification of any fraudulent scam email may be difficult, the following questions should be kept in mind whenever you receive something suspicious in your inbox:
- What time was the message sent? – The authenticity of an email can often be established by the time that the email was sent. For example, an email sent at 3am on a Sunday is more likely to be fraudulent than an email sent during work hours.
- Do I know the sender? – Look closely at the email and where it has been sent from.
- Do the URLs match up? – A cyber-criminal may send an email directing you to a scam website. Check before you click.
- Does the content match the subject? – Read the email carefully and judge whether it makes sense or whether it is being used as a shock tactic for you to click or fill in your details. If it appears aggressive and overly urgent you should be suspicious.
- How are the grammar and spelling? – Large or reputable companies spend a lot of time and money on their communications, which are often checked thoroughly, so mistakes from legitimate companies are rare. Read the suspicious emails you are sent and, if there are consistent glaring errors, it is most likely a scam.
- Never enter personal information or click links in a pop-up screen.
- Deleting, reporting, and NOT replying to suspicious emails will protect you from scams in your inbox.
- Keep your browser up to date and use firewalls.
- Avoid emailing personal and financial data even if you know the sender.
Keeping these questions and tips in mind when looking at suspicious emails can prevent you or your company from falling victim to a Phishing scam.
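Two of the questions above, "What time was the message sent?" and "Do the URLs match up?", can be checked automatically before a person reads the message. The following Python sketch is an added example, not part of the original article; the sample email is constructed, the `.example` domains are placeholders, and the names `triage` and `LinkCollector` and the 08:00 to 18:00 working hours are assumptions.

```python
import re
from datetime import time
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not a real email; the .example domains are placeholders.
SAMPLE = """\
From: Apple Customer Services <billing@apple.example>
Date: Sun, 05 Jan 2025 03:00:00 +0000
Subject: Update your billing information
Content-Type: text/html; charset="utf-8"

<p>To avoid late charges, update your information at
<a href="http://billing-update.example/login">www.apple.example/billing</a>.</p>
"""
DOMAIN = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw, work_start=time(8), work_end=time(18)):
    """Return warnings for one raw message; assumes a Date header is present."""
    msg, warnings = message_from_string(raw, policy=policy.default), []
    sent = msg["Date"].datetime  # sender-supplied value, so treat as a hint only
    if sent.weekday() >= 5 or not work_start <= sent.time() <= work_end:
        warnings.append("sent outside working hours")
    body, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        url, shown = urlsplit(href), DOMAIN.search(text)
        target = (url.hostname or "").lower()
        name = shown.group(1).lower() if shown else target  # no domain shown: nothing to compare
        if url.scheme in ("http", "https") and target != name and not target.endswith("." + name):
            warnings.append(f"link shows {name} but opens {target}")
    return warnings
```

Links whose visible text is plain wording such as "this link" show no domain to compare, so they pass this check and still need the hover-before-you-click inspection described above.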