I’m sure we can all remember a simpler time in cyber security when every now and again you’d receive a random file in your inbox with a .exe file and you could simply ignore it, block the sender and go about living your life! Unfortunately, as virus protection and spam filtering became smarter and smarter, so did the people on the other end of that malicious .exe file. Attack vectors have shifted in recent times from attempting to get the end user to install malicious applications, to what is known as phishing attacks, but what does it all mean and how do you remain safe both at work and home?
What is Phishing?
Phishing is a term given to a social engineering attack, generally aimed at stealing your personal data such as username and password combinations as well as credit card details. Often the attack will masquerade as an email from a legitimate source including institutions such as banks, the government or even large service providers such as Microsoft and Netflix. The email will likely contain a call to action line like ‘your account will soon be suspended unless you update details here’ as just one example, and then provide a link taking you to a copy of the website but instead of logging into your account, your giving your details direct to the criminal! Regardless of their intentions, these scammers are smart. Often they’ll deliberately not give you access even to this fake portal for a few attempts so that you try a number of username and password combinations, which then gives them more ammunition to breach more of your accounts as let’s be honest, we all re-use passwords across accounts, which is another no-no!
How Do I Spot a Phishing Email?
What is the best way to spot a phishing email? There are a couple of basic techniques that we can all use when looking for phishing emails. The first step is to TAKE YOUR TIME when looking at emails. Now this may sound easy, especially in a home environment, but in a fast-paced work setting we can often receive hundreds of emails per day and the phishing email is just another action item you must clear! Take your time to read the email and ensure you are happy with its authenticity. The second is to ask yourself, should I be receiving this email? If I bank solely with NAB yet the email is from ANZ whom I have never had dealings with, that should be a red flag. If the email looks like it is from a relevant, trusted source, look further at the content, are they trying to have you click on a link to take you to a website? Most institutions, to combat phishing, NEVER link direct from emails. It is actually a pretty good rule of thumb to never follow any links in emails (unless those shoes really ARE that cheap!). Netflix wants to update your credit card details? Ok, just head to their website direct and sign-in. Finally, if the email looks authentic and the content is relevant, has it come from a trusted source? i.e if Microsoft is emailing you, does the email end in @micrsoft.com (or a regional variant) or is it a mix of random letters, oh it’s the latter? Safe to assume it is spam. This can be the tougher one to verify, especially on mobile devices where it is not always overtly visible so oftentimes one may need to take even LONGER than the few seconds we’ve already spent on the email so far, and open it in a desktop application.
Ok, They Got Me, What do I do Now?
You clicked a link, are you going to die? Chances are no. Most phishing emails are trying to get you to take that next step and enter your username and password, if you clicked on the link and the website looks weird or there are typos on the page, click off immediately and best practice would be to clear your browser cache and run a virus scan for good measure.
By no means does the above represent ALL of the methods of attacks, in fact, it barely begins with what we’ve covered! The safest behavior around email security is to always be cautious, no matter what anti-virus software you have installed, or how good your spam filter is, chances are you WILL be targeted at some point by a scammer and all that remains then in defense of your data is your vigilance!
Still think you cannot spot a phishing email from your weekly email from mum? Or just want more tips on how to be safer in an online world? Contact our team and we would be more than happy to extend the conversation.