Phishing for dummies

1.    What is phishing?

Phishing is when someone you don’t know sends you an email (or a text message) pretending to be a person or an organisation you do know or trust, in order to trick you into handing something over. Some are more convincing than others. Not all are obvious, and some are so sophisticated that you cannot tell whether they are real or not!

2.    How do they do it?

There are a few common tricks. One is a domain name that looks very like a trusted organisation’s, such as @payypal.com or @ebayy.co.uk, or one that puts ‘r’ and ‘n’ next to each other so that ‘rn’ reads as ‘m’ at a glance. Another is to use the trusted organisation’s name in the first part of the address while the real domain is something else entirely, as in paypal@phishing.com or ebay@dummie.co.uk; only the part after the @ tells you who actually sent it. It is also possible to make an email look as if it has come from a trusted source when it has not, because the “From” name and address shown in your mail program are just text the sender fills in. Finally, the email may come from a real account you trust that the attacker has already taken over, usually by phishing its owner first.

3.    Why do they do it?

The aim is to take something from you by getting past your security: your password, your account, or a foothold to spread malware that damages your PC or your company’s data and network. If they gain access to your email account, they can use it to send the same email that caught you out to your contacts, who will trust it because it comes from you. If a link you clicked installed ransomware, they can encrypt all of your company’s data and demand a ransom for it. Some do it simply to gain respect among hacker groups, as a badge of honour for the accomplishment. Sad but true.

4.    How to avoid the hook?

  • Pay attention, pay attention and pay more attention. Attention to detail is key! It is easy to fall into their trap, but if you start looking at the details every time, it will eventually become second nature to you.

  • If you click reply, be sure the reply address is what you expect it to be; the address your reply goes to can be different from the one the email appeared to come from. This can be hard to spot on a phone, so leave it until you get to a PC.

  • Avoid clicking on links in emails. If you need to visit the company, type the address you already know, use a bookmark, or search for the company online and go in that way rather than through the link.

  • Hover your cursor over the link or button and it will show you the true address it takes you to. Look at the part between the first “//” and the next “/”: that is the site you will really land on, whatever the link text says. If it is long and jumbled, or the company name is buried in the middle of it rather than at the end, chances are it’s fake. Again, this is much easier to do on a PC.

  • Never click a link and then put your email address and password in! It is common to get an email saying your password has expired, your account has been disabled, or your details need updating. Don’t fall for it!

  • If something looks too good to be true, there is a 99.9% chance it is.

  • Make sure your PC and phone have the latest system updates, and always have malware protection on your PC set to update automatically.

  • Protect your accounts with multi-factor authentication. There are many free apps for this; Microsoft Authenticator works very well. One caveat: never approve a sign-in prompt or enter a code for a login you did not start yourself, because phishers will try to get you to hand that over too.
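The checks in sections 2 and 4 (a look-alike domain, a brand name in the wrong part of an address, and a link whose visible text does not match where it really goes) can be done by a program as well as by eye. The following is an added example written for this page, not code from the original article; it uses only the Python standard library. The list of trusted brands and domains, the look-alike character swaps, the simplified handling of two-part endings such as .co.uk, and the sample email are all assumptions made for the example (a real tool would use the Public Suffix List for domain endings).

```python
"""Added example: spot the phishing tells described above in a From: header
and in the links of an HTML email body.  Standard library only."""
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed trust list for this example: brand -> the domains it really mails from.
TRUSTED = {
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com", "ebay.co.uk"},
    "microsoft": {"microsoft.com"},
}
# Swaps phishers use to fake a familiar name; both sides are normalised before comparing.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]
# Second-level labels under which people register names (simplified; real tools use the Public Suffix List).
SECOND_LEVEL = {"co", "com", "org", "net", "ac", "gov"}


def normalise(label: str) -> str:
    """'payypal', 'paypa1' and 'rnicrosoft' become 'paypal', 'paypal', 'microsoft'."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return re.sub(r"(.)\1+", r"\1", label)  # collapse doubled letters


def registered_domain(host: str) -> str:
    """The part of a host name somebody actually registered:
    mail.paypal.com -> paypal.com, paypal.com.evil.co.uk -> evil.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if len(labels) >= 3 and labels[-2] in SECOND_LEVEL else 2
    return ".".join(labels[-n:])


def classify_host(host: str):
    """Return (status, brand): 'trusted', 'lookalike', 'brand_in_subdomain' or 'other'."""
    reg = registered_domain(host)
    for brand, real in TRUSTED.items():
        if reg in real:
            return "trusted", brand
    for brand in TRUSTED:
        if normalise(reg.split(".")[0]) == normalise(brand):
            return "lookalike", brand          # payypal.com, rnicrosoft.com
        if brand in host.lower():
            return "brand_in_subdomain", brand  # paypal.com.evil.co.uk
    return "other", None


def check_sender(from_header: str) -> list:
    """Findings for a From: header such as 'PayPal Security <paypal@phishing.com>'."""
    name, addr = parseaddr(from_header)
    local, _, host = addr.rpartition("@")
    status, brand = classify_host(host)
    if status == "trusted":
        return []
    findings = []
    if status == "lookalike":
        findings.append(f"sender domain {host} imitates {brand}")
    elif status == "brand_in_subdomain":
        findings.append(f"{brand} is only a subdomain; the real domain is {registered_domain(host)}")
    for b in TRUSTED:  # brand name before the @ or in the display name, but not in the domain
        if b in local.lower():
            findings.append(f"'{b}' appears before the @ but the mail comes from {host}")
        if b in name.lower():
            findings.append(f"display name mentions {b} but the address is {addr}")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list:
    """What hovering over a link shows: the real host behind it, and whether
    the visible text names a different site."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        status, brand = classify_host(host)
        if status == "lookalike":
            findings.append(f"link goes to {host}, which imitates {brand}")
        elif status == "brand_in_subdomain":
            findings.append(f"link shows {brand} in the host but really goes to {registered_domain(host)}")
        shown = re.match(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)  # link text that is itself a URL
        if shown and registered_domain(shown.group(1)) != registered_domain(host):
            findings.append(f"link text says {shown.group(1)} but it goes to {host}")
    return findings


# Constructed sample message for the example, not a real email.
SAMPLE_FROM = "PayPal Security <paypal@phishing.com>"
SAMPLE_HTML = """<p>Your password has expired.</p>
<a href="https://paypal.com.evil.co.uk/login">https://www.paypal.com/login</a>
<a href="http://rnicrosoft.com/verify">Verify your account</a>
<a href="https://www.ebay.co.uk/help">eBay help</a>"""

if __name__ == "__main__":
    for finding in check_sender(SAMPLE_FROM) + check_links(SAMPLE_HTML):
        print("!!", finding)
```

Run as-is it reports five findings for the sample: two on the sender (the brand name sits before the @ and in the display name while the real domain is phishing.com), two on the first link (paypal is only a subdomain of evil.co.uk, and the text shows www.paypal.com), and one on the second (rnicrosoft.com imitates microsoft); the genuine eBay link is left alone. The normalisation step is what catches the ‘rn’ for ‘m’ and doubled-letter tricks from section 2.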


I hope Phishing for Dummies has helped you understand phishing a little better. Stay safe.


If you would like to know more about the next level of protection and better ways to protect your company network and data, get in touch today on +44 01832 578 338.
