Phishing – What’s that?

Phishing is an email that fools targeted individuals into parting with private information. Mostly this includes credit card details, but could also involve tricking the victim to transfer money or installing malware on their device. In this blog, I will explain how to detect the majority of phishing emails and giveaway clues that might trick you into giving away confidential information

The art of the phish

Cyber criminals may research their targets well in advance in order to gain maximum benefit from the phish. As an example, the attacker may trawl the business social media sites, where the Personal Assistant of the CEO has mentioned their details online. The attacker crafts a very targeted mail to the PA which leads to the PA releasing private information.
You receive email from your bank regularly, but an email that threatens your account will be closed if you don’t respond urgently with your Secret Answer and card information may be a phishing attack.

The Anatomy of a phish

Some quick pointers on how to spot a phish

From Email address

The mail seems to have been sent from a legitimate organisation, but the FROM address is from a personal address. Is the email being sent to other people that you do not work with or do not know them either.
Just because you received an email from your friend does not mean that they sent it. Your friend’s account may have been compromised or their computer may have been infected with malware. If you received an email from a friend or a colleague that seems out of place, call them on the phone and inform them.

To

Be careful of an email that has a generic salutation. Are you expecting a mail from this organisation? An organisation that emails you should know your name

Content

Check for grammar and spelling mistakes. All reputed businesses proof read their mails before sending them. Is there a threat? Does the email require you to carry out an immediate action? This is not a good sign, as there is an urgency to get the recipient to make a mistake. Companies will not seek your personal information.
Will your mailbox be disabled overnight? Never! Check the University’s webpages, call the Service Desk and verify.
Is there an incentive? Did you win the lottery? Most definitely not! Did a prince leave you his legacy? Really? So offers that are too good to be true, are not true.

Links

Exercise caution here. Are you expecting this link? Hover your mouse over the link, does the link make sense? The link should reflect what is mentioned in the content.

Attachments

Is there an attachment that you are being asked to open? Are you expecting the attachment? Click only if you are expecting an attachment in the format (extension) that is shown.

3 steps to avoid getting phished

1. Think before clicking on links or attachments
2. If it looks ‘phishy’ it most certainly is. Report it to the ServiceDesk or verify with the sender.
3. You are the last line of defence, if in doubt, throw it out!