What is Phishing?
Phishing is when someone sends a fake email to a wide audience to manipulate victims into clicking on embedded links or opening attachments, with the intention of stealing personal information and/or putting malware onto the victim's PC. A basic attack is generally distributed in large numbers, like spam.
Spear phishing is like an ordinary phishing email, but it is specifically crafted and targeted at individuals within an organisation, and it appears to come from a person or organisation that is relevant to the individual(s) targeted. Equally, the content of the email will be pertinent to the individual(s) targeted.
The purpose of spear phishing attacks is often to obtain sensitive information, rather than financial information. Spear phishing is much more sophisticated and elaborate than ordinary phishing. Attackers will mine social media sites (like Facebook and LinkedIn) to tailor the email so that it is extremely accurate and compelling.
Tip 1 - Beware of impersonators
When cyber criminals send a phishing email, they try to convince you they are genuine by impersonating legitimate organisations. Don't automatically click on links or open attachments. Ask yourself:
· do you know the sender?
· are you already a customer or an account holder?
· are you familiar with the products or services offered?
· were you expecting the email?
The less you know about the sender, the more cautious you should be.
Tip 2 - Check for unnecessary links
Cyber criminals often use links as a means of gaining access to IT systems and personal data. Ask yourself:
· is the link actually needed? Or would the purpose of the email be clear without it?
Phishing emails often try to convey a sense of urgency to get you to click on links and open attachments without thinking, so take your time to do some basic checks first.
Tip 3 - Verify links before clicking
It’s important that you don’t automatically click on embedded links in emails.
· You can check links by hovering the cursor over the link (but not clicking) to see the actual address of the website the link will take you to. If you are in any doubt, do not click on the link.
Tip 4 - Never give out personal details
Be extremely wary of providing any personal information, for example usernames and passwords, before you have checked that the web page you are using is secure. You can do this by:
· checking the address (URL) at the top of the page to see if it starts with https:// rather than http:// and that a padlock symbol is also displayed.
Tip 5 - Check spelling and grammar
Cyber criminals are often particularly careless with their spelling and grammar. Professional organisations can also make mistakes, but generally they have content editors who will not allow mass emails containing spelling errors to go to their customers. So:
· read through the email thoroughly and check for spelling and grammatical errors.