Have you fallen for the Phishing bait?
The chances are you’ve received a Phishing email in your inbox recently. These emails can appear to come from anyone, but more importantly, they appear to come from companies or services you are subscribed to. They are often created with fake links to websites designed to steal your personal data.
There are some tell-tale signs of these fraudulent emails and we have gone into some of them here to help you become aware of these messages, ultimately helping you to become a better defender of yourself and your organisation.
1. Trust your instincts
These messages sometimes just don’t look right. They may have results on them that are too good to be true, or include wording that just isn’t right for the correspondence you have received. If it just doesn’t look right, it probably isn’t. If it has come from someone you know, then phone them to ask if they have sent it through – never respond to the email they sent just in case the Phishers have compromised the account.
Most phishing emails that appear to come from large companies will include generic greetings, such as “Dear Customer” instead of addressing you personally.
3. Know your sites and links
The fake links in these emails will usually point to very convincing sites that look just like the sites you are expecting to see. Check the address bar in your browser to see where the site is. Sometimes they will be cybersquatting on website names, making the address look real – along the lines of www.hotmai1.com – and sometimes they even add a subdomain – web.google.com. You can also inspect links before clicking on them. Hover over a link in the email before clicking and a pop-up bubble will tell you where the link is taking you. If you have an email purporting to be from Netflix and the link says it is going to somewhere like http://vxs.domain.company.com/asp20-cc, then it isn’t really going to Netflix.
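The same link checks can be run over a message body automatically. The script below is an added example, not part of the original article. The sample email is constructed, and the `EXPECTED` allow-list and the small `CONFUSABLE` look-alike map are illustrative assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; the two suspicious URLs are the ones quoted in the article.
SAMPLE_HTML = """<p>Dear Customer, your account needs attention.</p>
<a href="http://vxs.domain.company.com/asp20-cc">www.netflix.com/login</a>
<a href="https://www.hotmai1.com/verify">Sign in to Hotmail</a>
<a href="https://help.netflix.com/en">Help Centre</a>"""
EXPECTED = {"netflix.com", "hotmail.com"}  # assumption: domains you expect links to use
CONFUSABLE = str.maketrans({"1": "l", "0": "o"})  # small illustrative look-alike map

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_link(href, text):
    """Return reasons a link deserves a second look (empty list means none found)."""
    host = (urlsplit(href).hostname or "").lower()
    reasons = []
    if not any(under(host, d) for d in EXPECTED):
        reasons.append("host not under an expected domain")
        if any(under(host.translate(CONFUSABLE), d) for d in EXPECTED):
            reasons.append("look-alike of an expected domain")
    if " " not in text and "." in text:  # visible text is itself written like an address
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if shown and shown != host:
            reasons.append("visible text names a different host")
    return reasons

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling `scan(SAMPLE_HTML)` returns each link with the reasons it was flagged. An empty list means none of these three checks fired, not that the link is safe.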
4. Specific Personal Information
Phishers will use personal details found online through services like LinkedIn, Facebook and Twitter. This can include previous employment, personal interests and job titles. If you receive an unexpected email with this sort of information you can certainly class it as a Phishing attack.
5. Check the content
Emails coming from large companies will be proofread. They will not have poor grammar and spelling. Phishing emails will certainly have these errors. They will also include unnerving phrasing and a sense of urgency in order to trick you into doing something without checking first. Phrasing like “Your account has been breached, you have 12 hours to respond or your account will be closed” will be used to trick you into making a mistake.
6. Competition Winner
Did you enter a competition recently? No? Have you received an email saying you’ve won the grand prize? Yes? How can you win a prize if you haven’t entered something? Always keep an eye on what you enter, which surveys you complete and where they are from.
7. "Please verify..."
These messages will often spoof real verification messages. If you receive one of these, ask yourself why you are being asked to verify credentials and what credentials they are after – there is a very good chance these are scams. If you are unsure, contact the company that purportedly sent the email by phone. Again, never respond to the email received – call the sender if you are unsure.
8. Have you fallen victim?
If you are worried you may have fallen victim to any of these scams then call us immediately and we can help you check suspicious activities on your accounts and devices. We can also help you:
A– Change your passwords – having trouble remembering more than one password? We can recommend password managers that are safe and will take away that hassle.
B– Make sure your Anti-Virus and Anti-Malware protection is up to date and in good working order.
C– Talk about two-factor authentication. This is a good way to secure your emails if you are on Office 365. We can turn this on for you, and whenever you access your emails you will have a code sent to another device, which you then have to enter on the login screen. Without both your password and your code you will not get access to your account. This makes it harder for your account to be compromised.
After reading through these, if you aren’t sure or need any help regarding emails that you may have received, then please pick up the phone and call us on 020 3301 6920 to speak to anyone in the office. We will be able to help you through the emails and check if they are legitimate or not.
Securing your IT systems is an essential part of business operations. If you have any questions regarding your IT security, speak to our team today.