Phishing e-mails are unfortunately very common.
They are everywhere, in personal e-mail as well as business e-mail. Despite what we already know about them, many people still fall victim to them. This is truer now than ever: during the current pandemic, phishing e-mails have increased by 600%.
Phishing is an attack used by cyber criminals to trick you into giving up personal information by taking an action, usually under the guise of a legitimate business or organisation.
In its infancy, phishing originally described e-mail attacks that stole usernames and passwords, and while this still happens, the term has evolved over time and now refers to almost any type of message-based attack. A more recent term that stems from this is ‘spear-phishing’. The concept is the same as phishing, but instead of sending random e-mails to millions of potential users, the attacker sends more targeted messages to a select few individuals. This method involves more research by the cyber criminal, such as examining social media profiles or messages posted on public forums. Using this research, the criminals then craft a highly customised e-mail that appears more relevant to the victim. With this in mind, we actively encourage users to set their social media profiles to private and not to reveal highly personal information online, such as an address.
But how do we defend ourselves? Particularly in the face of spear-phishing, it is becoming harder and harder to tell a fraudulent e-mail from a legitimate one. The answers are more basic than you think.
- Be wary of public domains
  - A legitimate business would never use a @gmail.com or @hotmail.com account to correspond with its clients. With the exception of some small organisations, most businesses have their own domain and company accounts. One quick way to check an organisation's domain name is to type its name into a search engine. Our biggest tip here: always examine the e-mail address itself, not just the sender's display name.
- Watch out for bad spelling or grammar
  - This one is more elementary but still important. If an e-mail is poorly worded, with multiple spelling or grammatical errors, the chances are that the sender is not legitimate. One thing you may not know is that there is usually a purpose behind the bad spelling: hackers generally aren't stupid, and they prey on the less observant and on the ignorance of the user, which confirms to them whether or not you are an easier target.
- Keep away from unsolicited attachments
  - A legitimate organisation won't send you attachments by e-mail unless this was confirmed beforehand. A good example is buying insurance: usually the insurer sends documents to the client as a .pdf by e-mail after a consultation by telephone. Be even more wary of attachments sent as .zip files, as it can be harder to confirm what the enclosed file might be. If you see an e-mail that you think looks real, go over the last two points and cross-examine it.
- Legitimate businesses don't deceive you
  - One tactic used in many phishing e-mails is to code the entire message as a hyperlink. So if you find yourself constantly mis-clicking and being redirected to a website, you can rest assured that the sender cannot be trusted. Any company worth its salt will not deliberately force you onto its website by being deceitful. If you have accidentally been directed to one of these websites after mis-clicking and it automatically downloads a file to your computer, do not open it!
- The e-mail asks you to confirm personal information
  - This is the main goal of any cyber criminal using phishing e-mails. If they are directly asking for personal information by e-mail, go over the previous points and assess whether or not the sender is legitimate. Some of these e-mails employ fear tactics to get the information from you, for example claiming that you owe someone money, or vice versa.
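The checks above, turned into a small triage script that flags the warning signs in a raw e-mail. This is an example added here, not code from the original article or from any tool it mentions; the freemail domain list, the risky extensions, the phrase list and the sample message are all assumptions constructed for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Illustrative lists and a constructed sample message (assumptions, not real data).
FREEMAIL_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
RISKY_EXTENSIONS = (".zip", ".exe", ".js", ".scr")
INFO_REQUESTS = ("confirm your password", "verify your account", "confirm your details")
SAMPLE = """\
From: "support@bigbank.example" <alerts1234@gmail.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="http://login-bigbank.example/verify">Please verify your account now</a>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"

--b1--
"""


def triage(raw_message: str) -> list[str]:
    """Return warning strings for a raw message; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    # 1. Examine the real address, not just the display name.
    display_name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain in FREEMAIL_DOMAINS:
        findings.append(f"sender uses public domain {domain}")
    shown = re.search(r"[\w.+-]+@[\w.-]+", display_name)  # address-like text in the name
    if shown and shown.group().lower() != addr.lower():
        findings.append(f"display name shows {shown.group()} but real sender is {addr}")
    # 2. Unsolicited attachments, .zip in particular.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
    # 3. Body coded entirely as one hyperlink, and 4. direct requests for personal information.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content().strip() if body is not None else ""
    if re.fullmatch(r"<a\s[^>]*>.*</a>", content, re.S | re.I):
        findings.append("entire body is a single hyperlink")
    if any(phrase in content.lower() for phrase in INFO_REQUESTS):
        findings.append("asks you to confirm personal information")
    return findings
```

Running `triage(SAMPLE)` reports all five signs for the constructed message, while a plain message from a company domain with no attachment returns an empty list.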
Another crucial way to avoid falling victim is to stay educated, and to educate others, whether colleagues, family or friends. There is a host of information available online at your disposal to keep you updated on new tactics and more. The more you know, the less likely you are to fall prey to cyber criminals. Feel free to use our graphic below to help educate others on some simple ways to stay vigilant:
Lastly, to help tackle this problem, you can do your bit by forwarding suspicious e-mails to the NCSC for review. In doing so you are helping to get malicious web pages and services taken down, so they are less likely to be used against others. Forward anything suspicious to: firstname.lastname@example.org