How to avoid falling for a phishing attack

Alexander Darcy
·
12 Oct 2020, 17:10:12 PM

Falling victim to a phishing attack is not only embarrassing; it can also cause serious damage to your information systems and expose confidential information.

What are examples of phishing?

Common examples of phishing emails include:

  • Emails requesting you to renew your password before it expires.
  • Emails notifying you about being hired for a job, and asking you to submit some personal information. They may also have attachments to download, containing malware.
  • A notice that one of your online service accounts is about to be deactivated, asking for credit card information to renew it.
  • A message from technical support asking you to install certain software, which in the case of phishing is malware.
  • An email from a company you recently paid money to, claiming your credit card information might have been compromised.

Why is it called phishing?

Around 1996, people on the internet were sending out scam emails as bait to fish for passwords. The “ph” which some of these hackers used to replace the “f” was from a phone hacking method called phreaking.

How common are phishing attacks?

According to Retruster.com, phishing attempts grew by 65% in 2019, accounting for 90% of data breaches. 30% of phishing targets opened the scam emails, and 15% of those successfully phished would be retargeted at least once in the year.

What are the signs of phishing?

  • Domain names spelt incorrectly - Things like a lowercase letter “l” written as a capital “I” or the digit “1”. Also check for any missing letters in names and email addresses.
  • Absence of verifiable information - If the subject is work-related, does the sender’s email address match their work email address in your contacts? Does the wording sound like the sender? These checks matter most in a spear phishing attack, where the attacker has a specific target in mind and is usually after a quick money transfer or credit card information.

  • Unsolicited attachments - Don’t download or open any attachment you weren’t expecting. Attachments are one of the most common ways phishing emails deliver malware.
  • Grammatical errors and spelling mistakes - Look for mistakes a legitimate sender would be unlikely to make, and compare the subject line with emails already in your spam folder. These are common in “spray and pray” phishing emails, where the attacker sends in bulk and hopes some random recipient will take the bait. If in doubt, make contact using known contact information: call the alleged sender on a number that isn’t the one offered in the email, and if you suspect a phishing attempt, contact your IT security personnel for assistance.

  • Differing addresses - Before clicking on a link, place your cursor over it and check the URL it actually points to. In a phishing email the real destination is often different from the address displayed in the text.
  • A tone of urgency or request for immediate action in the emails sent.
  • A “do not reply” notice usually at the end of emails.
  • Messages that bring a spam warning when you try to open them.
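Two of the signs above, a link whose displayed address differs from its real target and a domain with look-alike characters such as “I” or “1” in place of “l”, can be checked mechanically. The following added example (not code from the original post) scans the links in a constructed sample email and flags both cases; the trusted-domain allow-list and the registrable-domain guess are simplifying assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the visible text shows example.com, but the href points at a
# look-alike domain where the lowercase "l" in "example" is replaced by a capital "I".
SAMPLE_EMAIL_HTML = (
    "<p>Your password expires today.</p>"
    '<a href="https://login.exampIe.com/reset">https://login.example.com/reset</a> '
    '<a href="https://www.example.com/help">Help centre</a>'
)

TRUSTED_DOMAINS = {"example.com"}  # hypothetical allow-list of domains you really use

# Characters commonly swapped for one another in look-alike domains.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def normalise(domain):
    """Fold confusable characters to their usual counterpart, then lowercase."""
    return domain.translate(CONFUSABLE).lower()

def registrable(host):
    """Crude registrable-domain guess: the last two labels (assumes no public-suffix list)."""
    return ".".join(host.split(".")[-2:])

def lookalike(host):
    """True if host is not trusted but matches a trusted domain once confusables are folded."""
    reg = registrable(host)
    if reg.lower() in TRUSTED_DOMAINS:
        return False
    return normalise(reg) in {normalise(t) for t in TRUSTED_DOMAINS}

def host_of(url):
    """Extract the host from a URL, keeping letter case so I/l substitutions stay visible."""
    return urlparse(url).netloc.rsplit("@", 1)[-1].split(":")[0]

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the HTML."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_suspicious_links(html):
    """Return (href, text, reason) for links whose text and target disagree or look alike."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if text.startswith(("http://", "https://")) and host_of(text).lower() != host.lower():
            findings.append((href, text, "displayed URL differs from link target"))
        if lookalike(host):
            findings.append((href, text, "look-alike of trusted domain"))
    return findings
```

Run against the sample, only the first link is reported, once for each reason; the genuine help-centre link passes both checks.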

How do you protect against phishing attacks?

  • Block phishing emails from reaching users. Create spam filters to keep out the attacker.
  • Manage emails that get to users safely.
  • Use more automation through tools like anti-malware and endpoint protection software that is kept up-to-date. Try server-side email protection plus URL and content filtering.
  • For cases where the attacker bypasses these controls, train users to recognise phishing emails. Security awareness is key to combating a cyber attack like phishing.

Need help protecting your organisation against phishing? CyberSafe are experts in training employees to become cyber aware and reduce the risk to your organisation of a phishing attack disabling your operations.