No, we aren’t going to tell you about sitting at the side of a lake for hours on end attempting to catch a trout. It’s not fishing, it’s phishing, and it’s something everybody should be aware of. A recent survey reported that 85% of organisations had been subject to a phishing attack in 2016, and it can seem a daunting task to stay secure while online. With over 15 years’ experience of helping clients with their Cyber Security, we’ve seen these attacks change and become more sophisticated. You may have heard the term ‘phishing’, but what is it? The more you understand the term and the dangers, the less likely you’ll be to fall for an attack.
In short, phishing is a type of cyber-attack that tries to trick people into disclosing confidential information or transferring money to an unknown source. At a basic level, there are two different types of phishing attack.
An untargeted phishing attack casts out some ‘bait’ to a large number of people, trying to get anybody to click a malicious link that has usually been delivered by E-mail. As the name suggests, the attackers do not go after a particular person or business. Because the attack targets anybody, it is quick to create and execute. The contents of phishing attacks change on a regular basis because each one has a short life before it is exposed and blocked. The majority of the time they’re easy to spot and have a low success rate, but they can catch out people who aren’t clued up on cyber security.
Targeted (Spear) Phishing
As you’ve probably guessed already, ‘targeted (spear) phishing’ is an attack that targets a particular user or business. These attacks can take months to plan and execute as they take extensive research. The carefully thought-out attacks are personalised, looking to strike a chord with the recipient.
Imagine two people are fishing at a pool. A fisherman (untargeted phishing) will be trying to catch a fish in the pool. Meanwhile, a spear-fisher (targeted phishing) will be trying to catch a specific fish.
If you regularly use E-mail, there’s a high chance you’ve been part of a phishing attack. Below are some real-life examples of attacks.
The classic phishing E-mail tells you you’ve won a prize or an amount of money that seems too good to be true. That’s because it is too good to be true. These E-mails are fake; the senders just want your bank account details, and the messages should be deleted as soon as you get them. Another method of getting bank details is by alerting people to a missed payment or a problem with an online account. Often these E-mails will look like they’re coming from a bank or mobile phone provider, telling the user they need to log in with their details. These E-mails will contain malicious links that should not be clicked under any circumstance.
What to look for if you think there’s a phishing attack
Some phishing scams are easier to spot than others. If you receive an E-mail telling you you’ve won an extortionate amount of money from an offshore bank account, it’s going to be fake. But what should you look for if the scams are more sophisticated and complex?
Spelling and grammatical errors are one of the main giveaways when it comes to phishing attacks. Would a multi-million-pound professional company really send an E-mail littered with spelling and grammatical errors? We’re a nation of skim readers and often miss even the most basic errors. If the E-mail seems important, always double check its contents.
As you can see in the above example, there are numerous grammatical errors in the E-mail:
- ‘the vehicle holder had break the terms of parking’
- ‘Refference number’
- ‘if you think there are any mistake’ (How ironic!)
Strange-looking E-mail address
Always be wary of unknown E-mail addresses. Phishing attacks will usually be sent from rogue E-mail addresses. Take a look at the example below:
You should never click a link in an E-mail. If there’s a page you need to visit, always do it by manually typing the address into an internet browser. Always question links in E-mails, especially when you’re not expecting them.
Phishing attacks are getting more frequent, and they’re here to stay. It’s more important than ever to be cyber secure. If you have any questions about phishing, or have even been subject to an attack yourself, let us know in the comments below.