We hear a lot about “Phishing” but what is it?

Phishing has become a very popular method for hackers to use to try to attack us because it is so easy to attempt.  It is also, unfortunately, one of the easiest hacks to fall for.

One successful Phishing attack can provider a hacker with everything they need to access your personal or work accounts, including emails, bank details and more.

A Phishing attack is usually carried out over email, although there are variants (see definitions below) that use other methods.  The goal will be to get you to hand over passwords, alter your bank details, make payment: basically, to trick you to do what the fraudster wants.

Phishing is also a way for hackers to deliver malware.  They try to get you to visit a link, download a document or watch a video that will secretly install malicious software.

There are even “Long Con” phishing attacks that use fake social media accounts to entrap a victim over weeks or months.

How do I spot a phishing attack?

Many of the less professional phishing operators still make basic mistakes in their messages.  So if you see an email message that is supposed to be from a reputable organisation (like your bank) with obvious spelling, grammar or punctuation errors then you should be very concerned.

Often, the attack will encourage you to click a link.  Usually, if you hover over a link embedded in an email, the destination will be displayed.  If the destination looks strange- don’t click!

In fact, that’s probably the simplest and most effective advice that we can give when it comes to links in emails- treat all of them as suspicious!

Another simple thing to look out for is the senders email address.  It’s easy to change an email “Display Name” to anything you like.  But the actual sending email address will often give you more information.  So if it looks as if your boss has just sent you an email asking him to pay a bill but the sending email address is an unusual gmail account then beware!

These few paragraphs are really the “tip of the iceberg” on this subject.  So if you need any help or advice on any aspect of IT security for your business, please do not hesitate to contact us.  It’s not easy to put a figure on how much this sort of fraud costs businesses around the world every year but in the US alone, the FBI estimates the cost to be around $5bn.

Oh, and here are the definitions we promised!

Vishing: a phishing attack carried out by telephone.

Smishing: a phishing attack carried out by Social Media

Spear Phishing: a phishing attack that is targeted to an individual or group of individuals