
A guide to phishing emails: what are they and how can you avoid them?

What is email phishing?

Have you ever received an order confirmation email from Amazon with details of something you’re pretty confident you didn’t purchase? If so, that feeling of panic will be all too familiar. That panic is just one of the factors that causes people to fall victim to phishing emails. It can be all too easy to click on malicious links in an attempt to get to the bottom of an unexpected email quickly. So what exactly is phishing and how can you prevent it?

Phishing is basically ‘fishing’ for sensitive information: usernames, passwords, bank details or other personal data. Cyber criminals use ‘bait’, such as the spoof Amazon email above, to catch their victims, often posing as big companies such as Amazon, Apple, or Facebook. This is one of the most common forms of phishing because it lets the criminal exploit the trust the average user places in companies they deal with every day. Emails supposedly from these well-known companies usually contain a link with an urgent call to action. As above, they play on panic and fear, so that you act before you check.

“We’ve recently noticed login attempts from an unknown IP address to your account. Please click the link below to verify your account. If you fail to verify within 5 days, we will suspend your account.”

“We have received notice that you have recently attempted a transaction of £564. As a safety measure, please visit the link below to verify your details.”

Phishing emails don’t just claim to come from well-known companies – they can come from people you trust, such as a colleague. This often happens when the colleague has fallen victim to a phishing scam themselves and the cyber criminal has taken over their mailbox and is sending to their contacts. Because the message really does come from their account, the sender address looks genuine, so the usual address check won’t help. If you ever receive an odd email from a colleague, don’t reply or click on anything, check with them by phone or in person, and report it immediately to your IT department.

What happens if you do click on a link?

Most phishing links lead to a fake login or payment page that captures whatever you type into it; some also trigger a download that installs malware such as viruses or ransomware, which then gives the attacker access to your sensitive information. Here are the steps you should take if you do click on a link:

  1. Disconnect your device from the Internet. This limits what any malware can do and helps prevent it spreading to other devices connected to your network.
  2. Back up your files, particularly those with sensitive information, to a drive you then disconnect. Keep this backup separate from any older backups, as it may contain the malware.
  3. Use your anti-virus software to run a full scan for any malware.
  4. Change your online credentials, starting with any you typed into the page and any account where you reuse that password, and do it from a different device you know is clean. Do this whether or not the scan finds malware: a phishing page doesn’t need to install anything to steal what you type.
  5. Contact your bank to inform them, especially if you entered card or account details, and ensure they monitor your accounts for suspicious activity.

How do I spot a phishing email?

  • The sender address doesn’t match the name: The message may show a familiar display name in your inbox, but on closer inspection the actual email address is often a string of random characters, or a look-alike domain, with no connection to the supposed sender. Check the address itself, not just the name shown next to it.
  • Poor spelling and grammar: Companies such as Amazon are highly unlikely to allow an email with spelling/grammar mistakes to be sent out. Any mistakes should be a red flag.
  • The email asks for personal details: If Facebook is asking for your password or your bank is asking for your account number, you can guarantee the email is not genuine. If you’re ever unsure, get in touch with the company instead of responding to the email or clicking any links.
  • Use your gut: If an email doesn’t look right, it probably isn’t. Trust your instinct.
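
The first of these checks, the display name that doesn’t match the real address, can be automated, and the same idea applies to the links inside the message: a link whose visible text shows one domain while the underlying address points somewhere else is a classic phishing tell. The example below is added here and is not code from the original article. It uses only the Python standard library; the table of legitimate sender domains and the sample message are constructed for illustration.

```python
"""Two phishing checks over a raw email: display name vs real sender domain,
and visible link text vs actual link target. Added example, standard library only."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumption for this example: domains each brand really sends from.
KNOWN_SENDERS = {
    "amazon": {"amazon.co.uk", "amazon.com"},
    "paypal": {"paypal.com", "paypal.co.uk"},
}

# Visible link text is only compared when it looks like a bare domain or URL host.
_DOMAIN_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")


def _host(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def sender_findings(from_header: str) -> list[str]:
    """Flag a display name that claims a known brand while the address does not belong to it."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if not domain:
        return ["sender address is missing or unparsable"]
    findings = []
    for brand, domains in KNOWN_SENDERS.items():
        if brand in display.lower() and domain not in domains:
            findings.append(f"display name mentions {brand!r} but address domain is {domain!r}")
    return findings


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_findings(html: str) -> list[str]:
    """Flag links whose visible text names one domain but whose href points at another."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        href_host = _host(href)
        text_host = _host(text if "://" in text else "http://" + text)
        if not _DOMAIN_RE.fullmatch(text_host):
            continue  # plain wording such as "Click here" is not compared
        if text_host != href_host and not href_host.endswith("." + text_host):
            findings.append(f"link text shows {text_host!r} but points to {href_host!r}")
    return findings


def analyse(raw: bytes) -> list[str]:
    """Run both checks over a raw RFC 5322 message and return the warnings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = sender_findings(str(msg["From"] or ""))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += link_findings(body.get_content())
    return findings


# Constructed sample in the style of the "unknown IP address" lure quoted above.
SAMPLE = b"""From: "Amazon.co.uk" <security-alert@mail-verify-9f2k.example>
To: victim@example.org
Subject: Unusual sign-in to your account
Content-Type: text/html; charset="utf-8"

<html><body><p>We noticed a login from an unknown IP address.</p>
<p>Verify within 5 days: <a href="https://amazon-account-verify.example/login">www.amazon.co.uk/verify</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print("WARNING:", finding)
```

Run against the sample, it reports both tells: the display name says Amazon while the address domain is mail-verify-9f2k.example, and the link shows www.amazon.co.uk but points at amazon-account-verify.example. Note what it deliberately does not catch: a message sent from a colleague’s genuinely compromised mailbox passes the sender check, which is why the article’s advice to confirm odd requests out of band still stands.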


Want to know more about protecting your business from phishing emails? Download your complimentary Awareness Training brochure and ensure your staff know how to respond to a phishing attack. Fast.