What is phishing?
Phishing, you say? What’s that? Phishing is when someone tries to acquire your sensitive information (such as usernames, passwords and credit card details) by masquerading as a trustworthy sender, usually by means of email.
In the UK, there are a number of popular themes that you must be aware of. Mostly these are emails appearing to come from the big banks, such as Lloyds, NatWest, HSBC etc. However, I’ve seen a huge increase in the amount of phishing email appearing to come from HMRC and Companies House. These emails have looked genuine – however, if you know what to look out for you can easily start spotting the tell-tale signs of a scam.
Think before you click
Before you go ahead and click on that link inside the email, stop and take a second to think. Does the link look right? What is the link in the email asking you to do?
In some email clients (especially Windows ones) you can hover your mouse over the link. Does the link text shown in the email appear to be the same as the link URL? It should be. If not, this could be a tell-tale sign that something is amiss.
If you are unsure, go to the company’s website by typing its URL into a browser instead, and then navigate to the area which is stated in the email.
Don’t get pulled in
Phishing emails are becoming a lot more complex nowadays as fraudsters can find all sorts of personal information online (social media sites, newsgroups, forums etc) and embed this into the email to make it look as though it’s been sent from somebody that you know.
It’s people’s natural instinct to automatically trust an email if it looks like it’s come from someone they know, especially if it’s been personalised. With regard to the banking emails, these usually have your bank’s logos and sometimes the latest news that’s been copied from the bank’s website – just to make it look official.
What things to look out for
If you know what to look out for, phishing emails can usually stand out. Here are a few things to be aware of:
- Look at the sending address of the email. Has it come from the company’s domain name? Is it the same as previous email addresses? Hover the mouse over the URL. Is the URL the same as the text on the screen? It should be.
- Spelling mistakes are normally what makes a phishing email stand out; they are notorious for their spelling. If an email is full of mistakes, it is likely a bogus email.
- Does the email contain any attachments? If so, don’t click on them or fill in any forms – especially in emails claiming to be from your bank. Banks never ask for personal information via email.
- Banks will never send links to their login pages, so never click on links and never ever enter any personal details such as passwords etc.
- You may not know this, but to be safe, never click on links in emails even if they look legitimate. Instead, open your browser and type in the website you are used to visiting, or use a bookmark you have created, and look for the green address bar before entering your credentials.
HMRC actually have a web page dedicated to what to look out for in phishing emails that claim to come from them. You can find more information here – http://www.hmrc.gov.uk/security/examples.htm
Companies House warnings about phishing emails can be found here – http://www.companieshouse.gov.uk/securityAdvice/index.shtml
Protect against viruses
In the unlikely case that you receive a phishing email that contains an executable attachment, you should have some anti-virus in place to scan the attachment and, if necessary, clean and remove it before you become infected.
Especially with Windows machines, always ensure you patch and update your computer. Microsoft release Windows updates on a monthly basis, so make sure you apply them.
Hopefully this blog is the start of a series of blog articles that will help to highlight security fundamentals and help everyone when it comes to cyber security. For more information about this blog article or future ones, or to find out how TeraByte IT can help your business, get in touch by emailing: [email protected]