Phishing – What Is It and How to Avoid It

Phishing – What Is It and How to Avoid It

There’s always some IT jargon to contend with and here is another one – ‘Phishing’ – but you do need to look out for it. ‘Phishing’ is the attempt to obtain your personal information (login details, credit cards etc.) by someone pretending to be someone trustworthy in an email or other electronic communication.

Typically, they may try to get you to a website which may look completely legitimate and identical to the genuine website, such as a bank, and there they get you to disclose information that they want for their own purposes. On the face of it you may read this and think “They wouldn’t catch me out”, but they are very good at what they do and can be very persuasive.

A single click can be the difference between maintaining data security and suffering financial losses and not just personal bank accounts – businesses are especially vulnerable. From the moment just one employee takes the bait in a phishing email, your business is vulnerable to data breaches and extensive downtime.

As well as being vigilant, here are a few tips for things to look for :-

1. Poor spelling and grammar

While occasional typing errors happen to even the best of us, an email filled with errors is a clear warning sign. Most companies push their campaigns through reviews where errors are caught and corrected. Unlikely errors throughout the entire message indicate that the same level of care was not taken, and therefore the message is possibly fraudulent.

2. An offer too good to be true?

Free items or a lottery win sound great, but when the offer comes out of nowhere and with no catch? Take care not to get carried away and do not click without investigating deeper. Remember, this can look as though this is coming from anyone that you may actually happen to deal with – your broadband provider, bank or any other source – and the criminals have just struck lucky in your case that you are an actual customer.

3. Random sender who knows too much

Phishing has advanced in recent years to include ‘spear phishing’ (more jargon!), which is an email or offer designed especially for you or your business. Culprits take details from your public channels, such as a recent function or award, social media, etc. and then use it against you.

The only clue can be that the sender is unknown – they weren’t at the event or involved with you in any way. Take a moment to see if their story checks out.

4. The Website address or email address is not quite right

One of the most effective techniques used in phishing emails is to use domains which sound almost right. For example, [microsoft.info.com] or [pay-pal.com]. This technique is also used in search engine listings where someone pretends to be a company.

Hover over the link with your mouse and review where it will take you. If it doesn’t look right, or is completely different from the link text, send that email to the bin.

5. It asks for personal, financial or business details

Alarm bells should ring when any message contains a request for personal, business or financial information. If you believe there may be a genuine issue, you can check using established, trusted channels such as calling the company using a telephone number that you know is genuine.

Take care if using a search engine to get the number – ensure that the information comes from the genuine website (see tip No.4 above).

While education is the best way to ensure phishing emails are unsuccessful, a robust spam filter and solid anti-virus system provide peace of mind – especially if you are running a business.

Give us a call on 01455 209505 to discuss how we can help secure your system against costly phishing attacks.