When it comes to cyber security attacks, by far the most common is that of phishing. This form of attack is performed by criminals who acquire sensitive or personal information from victims through the use of deception. Hundreds, if not thousands of emails will be sent out to unsuspecting recipients, and made to look as if they have been sent by a reliable source, for example a bank or some other trusted organsiation. In reality this is a rouse in order to gain access to your confidential data, such as usernames, passwords or credit card details, or, failing that, they may instead look to utilise your mail server and send emails to your contact list.
It is estimated that over 1,500,000 phishing emails are sent each and every day. Although most people will remain vigilant, it only takes a very small number of these emails to make it through to a person’s contact list for the problem to escalate, as rather than an email coming from a supposedly legitimate company, it will instead be coming from the personal address of someone you know, and feel you can trust. It is through this combination that phishing criminals truly begin to spread across the digital arena.
Whereas traditional phishing plays on the idea of casting out bait in the hope that some will bite, spear phishing is a more targeted attack that focusses on businesses, by posing as an individual that may be known and trusted. With the most basic information, such as a name and email address, a spear phisher hopes that you will allow them access to confidential information based on nothing more than false familiarity with the sender. Once access is granted, the hacker can then look to install code onto your machine that grants continual entry, meaning a direct route into the company’s network as and when required.
Vigilance is key, which is why we have put together some simple ways to avoid taking a bite:
- Check the Sender’s Domain
If someone claims to be from an organisation you know, always check a legitimate source first before clicking any links. The domain that the hacker uses will be similar but not the same as the official one, making this the easiest way to determine a fraudster.
- Are You Being Asked For Unlikely Information?
You will frequently receive correspondence from banks informing you that they will never ask for account details, so if you are asked, be wary. If you are suddenly being asked for something out of the ordinary, then call the organisation directly, and find out why.
- Test with an Incorrect Password
If you have clicked a link, but then feel suspicious, enter a password that is wrong. If you are still allowed entry, the website is fake. The point of the exercise is for the phisher to obtain your password, meaning they won’t have it already. Once a fake password works, make sure to stop typing.
- Speak To the Company Directly
Don’t feel flustered or panicked by a phishing email. Often you will be asked to quickly enter details to avoid your account being disabled or closed. This is unlikely to ever happen. Pick up the phone and double check if this is the case, and if so why.
By simply being cautious you can avoid the potentially devastating impact that a phishing attack can have. Follow the advice above and you can remain hacker free. For any more information get in touch with Digital Pathways too, and see how we can help.