You receive an email from what appears to be a trusted organisation asking you for personal information such as usernames, passwords, or bank account details. These kinds of emails often include links taking you to a site to input your personal data. It might look legitimate, but how can you tell if it’s genuine or not?
We have all been greeted by an angry email asking for personal information. Even the most observant of us can enter panic mode when receiving an email titled URGENT! So be prepared to look for clues and red flags; you do not want to be the next target.
The threat from cybercriminals is increasing rapidly. New tactics are trapping innocent victims into releasing sensitive data each day. Here you will find information that will prepare you if you are being targeted.
What is Phishing?
Phishing is an illegal attempt to trick web users into releasing personal information and data. Once your precious information is obtained, hackers will create new user credentials or install malware (such as backdoors) on your system and proceed to gather more info. The most common example that comes to mind is bank fraud, but scammers are evolving, making smart attempts to gain information through other outlets such as online retailers and streaming services.
How do they do it?
Firstly, criminals will disguise themselves as an official organisation. This does not have to be a replica because phishing scams rely on their persuasive tactics and volume of emails sent to a huge pool of online users. Emails like this will seem automated (in most cases) as this is just a template for hundreds of different individuals. Be aware that cybercriminals are adapting and making more personal attempts to gain information.
The tell-tale signs are harder to pinpoint at first glance, but if you look further you can identify common giveaways like spelling mistakes and errors within the text, or a company name that is slightly different, so pay attention to the small details. The most important thing to remember is that big companies and organisations will never ask for your personal information over email or SMS/message. Genuine information requests are encrypted, making your data secure from criminals.
Here is a list of the top 5 signs that an untrustworthy source is trying to target you:
Unexpected urgency – Intimidation can work wonders for cybercriminals. If the email is ordering you to perform a task in a demanding tone, this usually suggests that they are trying to panic you into handing over some form of information. Don’t fall for the threats!
Poor language & grammar – Proofreading can highlight unprofessional grammatical errors within the text. This is usually due to the email being rushed and partially checked. In most cases, scammers may be auto-translating into multiple different languages. Remember to always check for these key mistakes.
Asking for personal information – This may come as an obvious sign, but you will be surprised by how many of us are quick to fill in even the most basic information like our email address. Compare a genuine link to a suspected false email and use your common sense!
Sender’s email address – Compare the sender’s email address with the company in question, and you will most likely spot the differences. Is it completely random? You can also dive deeper and uncover the original address related to the email, exposing the identity.
Embedded links and pop-ups – When receiving a phishing email, you will usually be greeted by multiple pop-ups and links which could encourage you to investigate – DO NOT CLICK! Even if you want to investigate, this is the most common way scammers can infect your device with illegal malware without you even knowing.
The different types of phishing
Email phishing – Undoubtedly, the most common form of phishing is through email. Intruders will use generic headers like ‘dear account holder’ and ‘order confirmation’; this is a way to grab your attention without having to refer to your name. A genuine email will be more personalised to you.
Clone phishing – As the name suggests, clone phishing is a way that scammers create identical versions of already received emails. This is possibly the hardest to detect alongside other techniques.
Spear phishing – Also known as social engineering, this is a phishing scam with a more personalised approach: attackers target a specific individual or organisation by carrying out background checks and gathering information. Once the hacker has gained enough information, they will build a near-identical email tailored to the individual and attempt to spread malware onto the device.
Pop-ups – Watch out for disguised pop-ups and ads; if you click on them, you may have invited an unwanted virus onto your device. Do not be fooled by pop-ups that claim to be ‘anti-virus software’; you could be doing the complete opposite.
Whaling – this is the most sophisticated form of attack to blindside government and high-ranking officials into releasing confidential information. Trained hackers curate complex phishing disguises to trap the powerful top tier.
Black Friday opportunists
We are approaching the time of the year when shoppers desperately hunt for the best bargains on the market. The Guardian reported last year that UK shoppers spent £7.7 billion in Black Friday sales. This will be an ideal time for phishers to bombard unlucky buyers into releasing private information, such as login details and passwords or bank details, through false online retailers, especially during the COVID-19 pandemic.
Never provide sensitive information in response to an email or message, including a link.
Never give your full password over any form of random contact. Remember, legitimate institutions will never ask for this information.
Avoid clicking links and pop-ups! URLs may look legitimate, but they will usually contain subtle differences that will direct you to a fraudulent site, putting you in danger of fraud.
Always check and verify transactions authorised by you. Online banking now gives instant reports from your account, so always check with them first.
Check the email address it has been sent from. This will seem off, and you should be suspicious. These messages will also usually not be addressed to you directly and are universal messages. Most legitimate transactions will use your first and last name.
Look for common phishing language. Grammatical errors, tone, and format can distinguish a genuine email from a scam. Scammers like to use common phrases like ‘verify your account’, ‘Act urgently’, ‘Take action now’, give warnings that your account has been hacked or is limited, or offer cash rewards and prizes to try and entice you.
Check the website authenticity. Click the padlock icon within the address bar. This should show you the application for the SSL (security) certificate.
Never download anything from a pop-up ad or an email you’re unsure of.
Install anti-virus software and use spam filters.
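The sender, link and wording checks from the list above can also be automated. The following is an added Python example, not code from Halcyon Networks; the function names, the `bank.example` domain and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases quoted in the article; extend the tuples for your own mail flow.
URGENT = ("verify your account", "act urgently", "take action now")
GENERIC = ("dear account holder",)

class Links(HTMLParser):
    """Collect the http(s) href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self.hrefs.append(href)

def in_domain(host, expected):
    """True only for the expected domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def phishing_signs(raw_email, expected):
    """Return the red flags in raw_email, which claims to come from `expected`."""
    msg = message_from_string(raw_email)
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    signs = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], expected):
        signs.append("sender-domain-mismatch")
    for name, phrases in (("urgent-language", URGENT), ("generic-greeting", GENERIC)):
        if any(p in body.lower() for p in phrases):
            signs.append(name)
    links = Links()
    links.feed(body)
    if any(not in_domain(urlparse(h).hostname, expected) for h in links.hrefs):
        signs.append("link-leaves-expected-domain")
    return signs

# Constructed sample: the display name and link text both imitate bank.example.
PHISH = """From: "Bank Example Support" <support@bank-example.invalid>
Subject: URGENT!
Content-Type: text/html

<p>Dear account holder, verify your account within 24 hours.</p>
<a href="https://bank.example.secure-login.invalid/login">https://bank.example/login</a>
"""
```

Calling `phishing_signs(PHISH, "bank.example")` reports all four flags; the link is caught even though its visible text and the start of its hostname both show the genuine domain.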
Halcyon Networks can protect you and your business from cyber-threats
If you would like to know more about how to protect yourself or your business from phishing scams, contact Halcyon Networks and get in touch with firstname.lastname@example.org or give our specialist team a call on 01516784545. We can offer protection against malware attacks and cyber-threats by ensuring your IT infrastructures are protected and secure. We are ISO 27001/9001 accredited, which means we promote data security and we always adhere to the Cyber Essentials guidelines as issued by the National Cyber Security Centre (NCSC).