Recently we are seeing more and more phishing emails reaching our inbox’s, targeting all types and sizes of businesses. So what are phishing emails and how can we protect ourselves and our businesses from being caught?
In simple terms, phishing scams are designed to steal money. Fraudsters are fishing for your information in the hope that they can gain access to your confidential information. Unfortunately it is not just on the streets we now need to be careful with our wallets but also online. Cybercriminals are able to do this by installing malicious software on your computer or stealing personal information off your computer.
Social engineering has also played a large part in these email scams. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, and scareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.
Things to look out for when you receive an email asking you for private or confidential information:
– Unofficial email address – look out for an email address which is similar to but not the same as an official company’s email address.
– Urgent Action Required/Threats – fraudsters often include quick calls to action to get you to respond immediately. Terms such as “your account will be closed” or “urgent action required” are often a giveaway that someone is trying to illegal access your information.
– Generic Greeting – These phishing emails are usually sent to thousands of people at one time in the hope that someone will bite so look out for a generic greeting such as “Dear Customer”
– Link to a fake website – If you see a link in a suspicious email, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address.
– Popular/Well Known Organisations – Cyber criminals often use well know companies to mimic to lull people into a false sense of security about the email. Some phishing emails even have the same branding and logos as the copied organisation.
What does a phishing email look like? Microsoft have provided a great example:
At Portal, we have seen a large increase in the amount of scam emails circulating around our clients. We have been advising them to get in contact with us immediately if they have any concerns about emails they have been receiving. We have also reinforced that social engineering is playing a large part in the attacks so we would strongly recommend making all staff aware of the emails.
The main advice we would give is to never give out your personal information if you have any doubts about an email or where it has come from. We would advise you to contact the sender via phone to confirm the email request is legitimate. Alternatively give Portal IT Services a call and we will be able to help you identify any problems with the email.