Phishing: What is it and How to Avoid Being Caught Hook, Line, and Sinker
What is Phishing
Phishing is defined as ‘the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information’. This personal information could be your credit card details, online banking password, address and any other information perpetrators can get that can be sold on. So, what types of phishing are there?
Deception Phishing/Mass Phishing
This is the most common form of phishing. Perpetrators will send vast amounts of texts/emails which have no specific receiver in mind. These are usually the easiest to spot, but you still need to watch out for them. An example of a mass phishing attempt would be if someone sent out a mass email supposedly from a trusted university. This email might go out to all the students and faculty members, who are told that their passwords are about to expire, so they need to re-enter their old and new passwords. Anyone who clicks on the link and enters their login information then gives the perpetrator access to sensitive information.
Spear Phishing
Spear phishing is when perpetrators are looking to phish a targeted person or to impersonate a specific person. Often spear phishers are looking for financial gain, trade secrets or military information. Because there is a specific target, the perpetrator will attempt to find out personal information about that target from social media in order to seem more authentic. The American technology company Ubiquiti Networks Inc. was a victim of spear phishing. The attack occurred when a fraudulent email came through, impersonating an employee. The employees believed the email to have come from an executive, as a result of spoofed email addresses and look-alike domains. The email resulted in $46.7 million being transferred to a subsidiary in Hong Kong.
Whale Phishing or CEO Fraud
Whale phishing is specifically targeted at CEOs or CFOs. These ‘whales’ are targeted because they may have access to highly valuable and/or competitive information or to the company’s funds. Whale phishing is the hardest to detect because money goes into making these communications look real; for the perpetrator, it is a high-reward phish. One of the worst accounts of CEO Fraud was in January 2016. The CEO of Airbus and Boeing, Walter Stephan, was impersonated by a fraudster. The cybercriminal impersonated his email and demanded that a lower-level accountant transfer $47 million to an unknown bank account as part of an “acquisition project”. Walter Stephan and the chief financial officer and have yet only recovered one-fifth of the loss.
How to Spot a Phish
Whether you’re a resident, an employee or the CEO of a business, it’s important that you can look for certain features to distinguish a legitimate communication from a phishing attempt.
Are you expecting it?
This is the most important thing to keep in mind. The most carefully crafted, perfectly written email could be constructed and sent to you, but if you’re not expecting it, you can quickly deduce that it is a phishing email.
When you’re trying to determine if an email is a phishing attempt, look out for whether the email domain (e.g. @spectruminternet.com) matches who is supposed to have sent the email. If the email domain name does not match the sender, do not open the email, link or any attachments.
Urgency and Sensitive Information
If there is an element of urgency in the email, for example, if you don’t click the link your account will be suspended/deleted etc., it could be a phishing attempt to pressure you into revealing sensitive information. Also, if someone wants you to reveal sensitive or financial information over email or phone, be wary and double-check with the official company/individual, but NOT by replying to that email/text.
If a link is sent to you, hover over it with your cursor to see whether it matches where the link should be taking you. For example, if the email tells you that Santander wants you to log back into your internet banking, then when you hover over the link it should show you a link to the Santander webpage. If the link does not match, don’t click it.
Greetings and Grammar
A tell-tale sign of a phishing email is if the salutation of an email starts as “Dear/To User” or “Hello Bank Customer”. Additionally, if they sign off the email ‘from [email address]’, it’s a good sign that the email is a phish. Also, poor spelling and grammar could suggest it’s a phish, especially if the spelling errors occur within the name of the company or slogan.
Many phishing attempts will use attachments to download malware onto your device. Unfortunately, even if you have security software installed, it may not recognise the attachment as malware, because so many new variants are created daily. Therefore, if it is a file type that you do not recognise, e.g. EXE, RAR, ZIP, DOCM, XLSM, do not open it. These files can download malware onto your device. Also, some of these files are encrypted, so you can’t see what’s inside until you open them, by which point you may already have a virus on your device.
These six things to look out for can be helpful to detect a phishing email/text/phone call, but you still need to exercise caution. A phishing email could be extremely well constructed and not use any of the features listed above. So, the final thing you can look for is: does it sound like the person who is meant to have sent it? If it is someone you regularly communicate with, do they sound too formal, too informal, or does it just not sound like them? If so, contact them via a channel you have used to speak to them before and ask them if it is actually them. Remember, if you’re unsure, don’t open any emails, links or attachments.
If you are a Spectrum Internet customer and would like to find out how Spectrum Internet’s broadband can protect your devices from malicious threats, including phishing, whilst keeping your privacy, click here.
Alternatively, if you are not yet a customer, when you purchase any of our broadband packages you can tick ‘Yes’ or ‘No’ to the question, ‘I would like the Spectrum free security from dangerous websites’.