Phishing can take the form of emails containing website links or malicious attachments. Cybercriminals send bogus emails, instant messages, text messages – even letters – to lure their victims in. These communications can often, at first glance, appear to be authentic communications from legitimate organisations. Links embedded within an email can take you to a spoof website where your login details may be requested, stored, and ultimately misused. You also run the risk of your computer or smartphone being infected by viruses.
Once these cybercriminals have access to your personal details, they use this information to commit fraudulent activity such as bank fraud and identity theft.
Spear phishing takes a more sophisticated approach. It aims to win the trust of a victim through personalized messages which appear to come from a trusted source with the aim of eliciting sensitive information to derive some form of financial gain.
As with email communications used in regular phishing expeditions, spear phishing messages are designed to look like they come from a trusted source, such as a trusted website (classic examples being eBay or Paypal). In the case of spear-phishing, however, the fraudster is likely to be someone known to the recipient, or their company.
How to spot a phising email
What can you do to protect yourself from a phishing scam?
There are a number of steps we recommend you adopt to protect yourself from this ever-growing form of cybercrime:
- Be proactive. Where personal information is requested by email/phone, never give it. Where telephone numbers/links are provided in these communications, don’t use them. Contact the organisation through their official website (look out for the “https” prefix, indicating it is secure), or listed telephone number to verify the communication is legitimate.
- Ensure your anti-virus software is up-to-date and enable your spam filter. If you are suspicious of an email, mark it as spam and delete it. This prevents future messages reaching your inbox.
- Beware of unknown sources. Don’t click on links featured in emails sent to you by a source you don’t know (and even if they’re purported to be from one that you do, be on your guard).
- Remember that your bank will never contact you via email asking for sensitive information such as passwords.
IT Security - Email Security Awareness