
Gone Phishing

 

This is the second in our series of blog posts on cyber security. You can find the first post, on multifactor authentication, here. This post will look at phishing attacks, how to protect yourself and the services we can offer to support you.


We’ve all been there – you get an email that almost looks legitimate, asking you to click a link or confirm some details. Sometimes these can be easy to see through, with strange grammar or misspelt words making it easy to identify as a phishing email. However, phishing attacks can also be very subtle and difficult to spot.


Taking a step back, 'phishing' refers to an act where somebody uses scam emails, text messages or phone calls to trick their victims.


Phishing attacks often ask the victim to visit a website, which may download a virus onto their computer, or try to get the victim to provide personal details that the perpetrator can then use to impersonate them, gaining access to bank accounts, computer records or other sensitive information.


This risk is further heightened where laptops or PCs are shared between multiple users.



How to spot a phishing attack  


Whilst phishing attacks can often look quite convincing, there are some things you can look for to help identify whether the communication you have received is legitimate or not. To begin with, there are some key questions you should ask yourself if you have received something you think may be a phishing attack: 

 

  • Have you received communication from this email address/number before?  

  • Were you expecting it?  

  • Are they asking you to do something?  

 

If you don’t recognise who the communication has come from, you weren’t expecting to receive the communication and are being asked to take some type of action, there is a high probability it is a phishing attack. There are also some specific things you can look for depending on the type of communication you’ve received.  


If you have received an email, the first thing you can check is the "Sent From:" section of the email. Phishing emails will often have a header that looks like it would be from a real person or company. However, the actual email address will often have nothing to do with the person or company that is supposed to have sent the email. In more easily identifiable phishing attacks, the address will often be a collection of random letters and numbers; more sophisticated ones will try to imitate the company they are pretending to be by using subdomains.


Below is a typical example of a phishing attempt, where the email is attempting to trick the end user into thinking the email was sent from a well-known company. The email address, however, indicates that it is coming from an unknown account. 
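The "Sent From:" check described above can also be run automatically over message headers. The following is an added example, not part of the original post: it compares the display name with the actual address and flags a company name that appears only as a subdomain. The brand `examplebank`, its domain and all sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brand name -> domains that brand really sends from (constructed).
KNOWN_BRANDS = {"examplebank": {"examplebank.example"}}

def registered_domain(host):
    """Naive registrable domain (last two labels).
    Production code should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_from(header):
    """Return the reasons a From header looks suspicious (empty list = none)."""
    display, addr = parseaddr(header)
    if "@" not in addr:
        return ["no parsable sender address"]
    host = addr.rsplit("@", 1)[1].lower()
    reg = registered_domain(host)
    sub_labels = host.split(".")[:-2]  # labels left of the registered domain
    reasons = []
    for brand, domains in KNOWN_BRANDS.items():
        if reg in domains:
            continue  # the address really is at the brand's own domain
        if brand in display.lower():
            reasons.append(
                f"display name mentions '{brand}' but address is at {reg}")
        if any(brand in label for label in sub_labels):
            reasons.append(f"'{brand}' appears only as a subdomain of {reg}")
    return reasons

# Constructed sample headers.
SAMPLES = [
    "ExampleBank Security <alerts@examplebank.example>",
    "ExampleBank Security <x7k2q9@mail-notify.example>",
    "Accounts <no-reply@examplebank.secure-login.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "no mismatch found")
```

An empty result only means these two checks found nothing; the sender address itself can be forged, so the questions listed earlier still apply.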



Phishing attacks can also come through other routes. Phishing text messages are particularly prevalent. The first way to spot a phishing text is to check whether the message is from an unrecognised number. If so, and you weren’t expecting to receive a message from a new number, it is highly probable that it is a phishing attack.



How can you protect yourself and your business?


The Microsoft website has some great tips on actions you can take to protect yourself and your business from phishing attacks, and we’d recommend you look at their page, "Protect yourself from phishing" (Microsoft Support).


We can also help ensure your business is as secure as possible against phishing attacks. This support could be raising staff awareness through simulated phishing attacks, training, or setting up your IT policies to ensure suspicious emails are blocked before reaching the intended target.


There are also a few simple things you and your staff can do when you think you have been targeted by a phishing attack.


If you have received an email, you can report it as a phishing attack. If you are using Outlook, you can right-click on the email, go to ‘Report’, and select ‘Report Phishing’. This will be reported to Microsoft and will help protect you and others against future phishing attempts from the same sender.


If you have received a text message, you can block the number to ensure you do not receive future texts from this person. You can also report the text for free by forwarding it to 7726. If you forward a text to 7726, your provider can investigate the origin of the text and arrange to block or ban the sender, if it’s found to be malicious.


As well as protecting yourself, it is also important to consider the people and companies you work with. If you have a phishing email/text that claims to be from a person you know, or a company you use, you should also reach out to them via a confirmed communication route (such as a number or email address found on their official website).


If you would like to discuss how we can help support your business to be more cyber secure, please drop us a line at contact@mckeownscullin.com.
