What is Phishing?
Phishing is when someone sends a fake email to a wide audience – to manipulate victims into clicking on embedded links, or opening attachments, with the intention of either stealing personal information and/or putting malware onto their PC. A basic attack is generally distributed in large numbers, like spam.
Spear phishing is just like an ordinary phishing email, but it will be specifically crafted and targeted at individuals within an organisation and will seemingly come from someone, or some organisation, that seems relevant to the individual(s) targeted. Equally the content of the email will be of a pertinent nature to the individual(s) targeted.
The purpose of spear phishing attacks is often to obtain sensitive information, rather than financial information. It is much more sophisticated and elaborate. Attackers will mine social media sites (like Facebook and LinkedIn) to tailor the email so that it is extremely accurate and compelling.
Stay safe on-line
A leaflet recommended by the NFWI, Stay Safe On-line, can be downloaded below:
Tip 1 - Beware of impersonators
When cyber criminals send a phishing email they try to convince you they are genuine by impersonating legitimate organisations. Don't automatically click on links or open attachments – ask yourself:
Tip 2 – Check for unnecessary links
Cyber criminals often use links as a means of gaining access to IT systems and personal data. Ask yourself:
Tip 3 - verify links before clicking
It's important to think before you click on embedded links in emails
Tip 4 - never give out personal details
Be extremely wary of providing any personal information – for example usernames and passwords - before you have checked that the website page you are using is secure. You can do this by:
Tip 5 - check spelling and grammar
Often cyber criminals are particularly careless with their spelling and grammar. Professional organisations can make mistakes also, but generally they have content editors who will not allow mass emails to go to their customers containing spelling errors. So: