Phishing Emails - Don't Get Caught!
Have you been a victim of phishing?
Do you know how to recognise a phishing email?
Now that so many of us are working from home and other locations, the threat is becoming more prevalent, with over 7,000 phishing scams reported in 2020 so far.
Phishing is the simplest and most common method of computer-based social engineering. A phishing attack involves crafting an email that appears legitimate but in fact contains links to fake websites or to downloads of malicious content. The email can appear to come from a bank, credit card company, utility company, or any number of other legitimate businesses a person may deal with. The links contained within the email lead the user to a fake web form, where the information they enter is saved for the hacker's use.
Phishing can be really good, with perfect spelling and insider information such as specific clients, projects or known names of people; this is likely a targeted attack. Or phishing can be really bad, with poor spelling and more interest in personal areas of your life; this is likely just an attempt to get another bot added to the hacker's botnet (i.e. to use your PC as a base for future hacking).
Phishing can be prevented by good perimeter email filters, but the best way to defend against phishing is user education.
The following points can indicate a phishing email, and list items you can check to confirm whether an email is legitimate:
- Beware of unknown, unexpected or suspicious originators - if you don't know the entity or person sending the email, treat it cautiously. Even if the email is from a person or an entity you know but the content is out of place or unsolicited, it's still something to be cautious about. Check that the 'From' address belongs to the company, not a random site or a free email service like Gmail or Hotmail.
- Be aware of who the email is addressed to - an indicator could be the 'To' field or the opening greeting. A legitimate sender will generally address you personally in the greeting instead of providing a general salutation.
- Verify phone numbers - check any phone numbers that are on the email. Look up the website or call the number to see if it exists.
- Beware of bad spelling or grammar - emails from big companies are not going to have spelling mistakes or bad grammar (like verbs out of tense).
- Always check links - many phishing emails point to bogus sites. Simply changing a letter or two in the link, adding or removing a letter, changing the letter O to a zero or an l to a one completely changes the website you will be directed to. Hovering your mouse over the link will show you where the link is actually going.
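The link check in the last point can also be automated at the mail filter or in a triage script. The Python below is an added example, not part of the original article: it pulls the links out of an HTML email body, flags any link whose visible text names a different site than its real target, and flags hosts that are a zero-for-O or one-for-l swap, or one character away, from a trusted domain. The trusted list and the sample email are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains you genuinely deal with (constructed placeholders).
TRUSTED = ("example-bank.com", "example.org")
SWAPS = str.maketrans("01", "ol")  # the article's zero-for-O and one-for-l swaps
# Constructed sample email body: first link is a lookalike, second is genuine.
SAMPLE = ('<a href="http://examp1e-bank.com/login">www.example-bank.com</a> '
          '<a href="https://example-bank.com/help">Help centre</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare(host):
    return re.sub(r"^www\.", "", host.lower())

def one_edit_apart(a, b):  # exactly one character added, removed or changed
    if len(a) > len(b):
        a, b = b, a
    i = next((k for k in range(len(a)) if a[k] != b[k]), len(a))
    return a != b and len(b) - len(a) <= 1 and a[i + (len(a) == len(b)):] == b[i + 1:]

def check_link(href, text):  # returns the reasons a link looks suspicious
    host, reasons = bare(urlsplit(href).hostname or ""), []
    shown = re.search(r"([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})", text.lower())
    if shown and bare(shown.group(1)) != host:
        reasons.append("visible text names a different site than the link target")
    for good in TRUSTED:
        if host != good and (host.translate(SWAPS) == good or one_edit_apart(host, good)):
            reasons.append(f"lookalike of {good}")
    return reasons

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling `scan(SAMPLE)` reports both reasons for the first link and none for the second. It only covers the tricks named above, so an empty result is not proof that a link is safe.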
The simple tips described above will help you avoid falling victim to a phishing attempt.
Loyal I.T. can provide training for you and your team on all aspects of security. Please contact us on 02 4337 0700 or at security@loyalit.com.au if you would like a training session or further information on how to secure your business from security threats.