Phishing Attacks

Once again, we would like to remind all users to be extremely cautious when clicking any link or opening any attachment embedded within an email. If the sender is unknown, or you feel that the email is not actually from the stated sender, it is better to ignore the email until you have confirmation that it is legitimate.

What is “Phishing”?
Phishing is the fraudulent act of sending emails / messages pretending to be from trustworthy companies / individuals, with the sole intention being the acquisition of others' personal information, such as usernames, emails, passwords, credit card numbers and more. Phishing is thought to constitute one percent of all spam, with spam itself constituting over half the emails sent on a daily basis.

Phishing is a form of social engineering that is a key weapon within a cyber criminal’s arsenal. The first documented instances of large-scale phishing attacks occurred in the mid-90s and specifically targeted AOL. There are an estimated 150 million phishing emails sent per day, and of those it is projected that 15 million make it through spam filters. Of those 15 million emails, 8 million are then opened, and 800 thousand are clicked / interacted with.

How to recognise a phishing email

The spelling, grammar and mail structure
Often, the structure of an email is the first sign of whether it is a phishing email or not. The writing style / typeface is likely to differ, even in the slightest way, from how the original sender usually writes, e.g. font type, font size, text spacing and general structure.
Within a professional setting, individuals tend to take communications very seriously, and often proof-read and grammar / spelling check their messages before sending them out. As such, an email that is packed with spelling and grammar mistakes is unlikely to have come from the original source.
Strange URLs
A phishing email will almost always include some form of link that directs you to a site asking for login details or personal information. Checking the URL is often overlooked, because the link will usually take you to a webpage that is built to replicate the original site.
A common example is a false security warning email from someone claiming to be Microsoft that requests you to log in and verify your account. If the link is clicked it will take you to a webpage that is designed to replicate the official Microsoft login page.
Exclusion of personal information
If you are addressed generically e.g. “Dear Sir/Madam” or “Dear Customer” as opposed to being addressed by name or department, it is possible that the email is not from a genuine source and has been sent out in bulk to multiple people.
Alarming / unusual content
The large majority of the time, phishing emails are written to trick someone into clicking links out of excitement or fear. Some common examples are winning a prize or a claim that your account is not secure. The user will then input personal information / emails and passwords without thinking the consequences through.
“But it came from someone I know?”
A large number of phishing emails are sent from email accounts that have previously been compromised. This makes it easier to trick people, as the email comes from someone they know. Even when an email comes from a client, friend, supplier etc., all of the above still applies. If the email does not look correct, asks you to log in somewhere or asks you for money, you should contact the person to confirm the legitimacy of the email.