Every day billions of phishing emails and texts are sent. The aim? To prey on human error, gather your data, steal your identity and/or infect your devices. The likelihood is at some point today one or two of these will end up in your mail box.
The pure sneaky-phishing cheek of it all!
They can be tricky little blighters. Their hope is to catch you off-guard such as when you are dealing with your latest client or when you are tired from the constant zoom meetings or indeed at that precise moment when your home schooled children ask you yet again ‘can I have a snack?’.
Well we cannot help with the barrage of home school questions but we can give you some quick and easy points to think about before you click.
- ‘It’s someone I know so it must be fine, but where is it from?’
These Cyber criminals do like to imitate the email display name, why? Because you are much more likely to open the email if you recognise the name. However it is harder to do this to the domain name that the email is coming from. So even if you recognise the name always check the domain.
Also anyone can buy a domain name (the bit after the @) that is one letter different to the website they want to pretend to be for example Microsotf. The better known the brand name the easier it is for people to be fooled so take a second look.
- Watch out for the links
Usually the purpose of all phishing emails is to get you to click the link.
Hover your mouse over any link without clicking. You will see the address pop up and if it is not what you would expect do not click on the link. You can always check if the website is genuine by opening the name up in your browser. Do not follow any links or contacts directly from the email.
- Attachment issues?
Usually attachments are only sent via email when you have directly requested something otherwise be wary and do not open. It is also worth noting never click on a link within an attachment and never disable protected mode.
- Maiden name? First pet?
Do not give your information out. Most companies will never send you requests for sensitive information unless you request them to do something specific like a password reset. Refer back to the company’s policy on sensitive information. It will tell you exactly what they will never ask you.
On that note, make yourself a harder target by reviewing your security and privacy settings but also being mindful about what you post on social media. Can criminals glean information about you from your latest post?
- Don’t panic!
Creating this sense of urgency or worry is designed to make you panic to reply. The recent fake HMRC emails/telephone calls are a good example of this. ‘If you do not reply legal action will be taken,’ ‘if you do not reply police will be informed’. Unless you know there is a genuine issue that you need to contact someone about never click, reply or press 1. Contact the named agency directly and ask them.
Do not be a victim of FOMO. Time limiting sales such as ‘Amzon (see what we did there) deals end in 1 hour’ are a popular method to create urgency in the reader. Go direct to your Amazon app and double check because obviously if it is real you will want to grab that half price hoover.
- Farewell my friend, your spelling and grammar is atrocious
Do they know their there’s, theirs and they’re? Can they formulate a sentence appropriately and as you would expect?
Does the email have a signature? Hover over the links which most people have around their signature and see if they are real
To conclude
Unfortunately Cyber criminals are evolving and even the best spam filters are unable to stop every single phishing email. Some are just too good and appear too genuine.
It is up to us to provide the extra layers of security and if you are running a business with staff it is essential you provide basic Cyber Education to your team.
Your IT support company can and should be supporting you to provide this education and to help you to set up your email protection and anti-spam filters.
So what do you do if you’ve already clicked?
Do not panic! There are a number of practical steps that you can take;
- Stop and call your IT support company immediately, they will give you a step by step guide to help. Also feel confident to tell your manager or colleagues so that they can support you. If you do not have an IT support company….
- Open your antivirus software and run a full scan. Follow any instructions given
- If you have been tricked into providing your password you should change it immediately and on any other accounts with the same password.
- If you have lost money report it as a crime to Action Fraud www.actionfraud.police.uk
If you suspect you have a phishing email that you are just not sure about you can also send it to report@phishing.gov.uk
The National Cyber Security Centre will analyse the suspect email and any websites it links to. As of 31st January 2021 the number of reports received stand at more than 4,500,000 with the removal of more than 30,000 scams and 55,000 URLs. (NCSC.gov.uk)
If you require any advice for your business please give the Southern Solutions team a call on 02382 022099