SCHOOL’S OUT FOR SUMMER!
The summer holidays are here at last! That means two things – fun times and work experience for school leavers. So here at Seriun we thought why not combine t...
The summer holidays are here at last! That means two things – fun times and work experience for school leavers. So here at Seriun we thought why not combine t...
Microsoft Dynamics 365 is a family of cloud-based Apps for businesses that bring together CRM and ERP. Sales and Marketing, Customer Relations, Finance and Op...
On the 20th August 2019 we were treated to a wonderful evening with the Love Local Networking group hosted by Rachel Kay. We set sail on a canal boat from Houg...
A NEW networking group is inviting local businesswomen to its first meeting at Oldham Golf Club.The Oldham Unique Ladies’ group is aimed at helping local busine...
A great opportunity has arisen for you to meet Azhar Iqbal, Founder of TYREOO and Colne Tyre Services! They're are changing the industry with their new end-to-...
Morning all , I would like your help please? I am a finalist in the Manchester Lifestyle Awards and up for 2 categories BEST ENTREPRENEUR & BEST INNOVATIVE B...
Phishing is a form of internet fraud where cybercriminals often impersonate a reputable firm or individual with the aim of exploiting a person’s private information, usually for financial gain.
This way of hacking is becoming increasingly popular with cybercriminals, as it is far easier to infiltrate a person’s private information with a seemingly legitimate email, than break through robust security systems protecting such information.
Why phishing attacks are successful
Social engineering is one of the main ways businesses succumb to breach, usually through e-mail phishing attacks. Tactics are employed to gather Personally Identifiable Information (PII) such as bank details, phone numbers, addresses, occupation details, job titles and names of fellow colleagues. Once the attacker has this information, they can craft a believable message containing a malicious link or attachment which the victim is lured into interacting with. Because the email appears to be from a credible source, or known person, the attack is often a success – a link is clicked, a pdf opened, or bank details entered into a request form. Just like that your information has been captured and you have opened the gateway into your business – you are now under attack and you probably won’t even know about it until it’s too late!
Types of Phishing
Spear Phishing is when scam messages appear to be from a credible known sender, like someone from within your organisation, and you believe the mail to be genuine so act upon their requests.
Whaling attacks are a type of spear phishing and so are similar in approach. The main difference being that they target more senior members of a business. Their objective here is to steal large sums of money, usually by deceiving an executive to authorise a payment. Similar to spearing, the victim’s PII is gathered to make the message seem authentic.
Pharming is another type of phishing that relies on DNS cache poisoning (this is the corruption of an Internet server’s domain name system) to redirect users to a fraudulent site that has the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.
Spotting a Phishing Attack
Many phishing emails will often be poorly written – look out for incorrect spelling and poor grammar. They may also use promotional hooks to generate high click-through rates, like too good to be true offers and giveaways. It is common for phishing emails to be centered around major events, holidays and anniversaries or take advantage of breaking news.
How to Identify a Phishing attack
- Check the senders address – be suspicious if it is unknown, misspelt or has a ‘noreply’ address i.e. no-reply@google.support. Also, ‘q’ is often used instead of ‘g’ in email addresses, or an underscore is present, both of which are easily overlooked at a first glance.
- Mouse over a hyperlink or attachment to reveal the actual address. You should be able to tell if this is an imitation address, i.e. drive-google.com, or it may have an unusual suffix i.e. ‘mailru382.co.’
- The message will contain a Call To Action (CTA) element i.e. a button or a link to click, which will probably take you to a fraudulent site asking you to verify personal and or financial information such as passwords, user IDs or bank account information. Be aware and check the credibility of the source, even if they seem legitimate i.e. your bank, Dropbox, Microsoft, Google Drive etc. Maybe even call the alledged sender to check if it really is them that have sent the message, before you click a link.
- Be suspicious of any email message declaring you have won something then encourages you to click a link to claim your prize.
- Look out for misspelled words and special characters inserted in inappropriate places.
You also need to maintain vigilance when using the internet. Be wary of pop ups as they can direct you straight to fraudulent websites. Always make sure there is a small padlock icon at the beginning of the address bar to show the page is secure. This is particularly important when you are using a payment portal where you are submitting bank details.
We highly recommend that you have data protection and Antivirus software installed for that added security. However, it’s all good and well protecting your perimeters but if a legitimate looking phishing email finds it’s way inside your organisation, it’s your army of people that need to be prepared so they can identify it before falling foul to the attempted attack. This is why we suggest your team undergo social engineering and phishing training to get their defences ready.
How We Can Help
This is just a brief overview of phishing and how to identify malicious emails and links. If you have any concerns you would like to talk through, or want to find out more about our data protection and security services, please give our experts a call on: 01282 500770.
We offer social engineering training and data protection solutions, so please get in touch to see how we can help protect your business.
Welcome to our Level 3 Emergency First Aid at Work course! This intensive one-day training program is designed to provide individuals with the skills and knowle...
We’re excited to join voluntary adoption agencies (VAAs) across the UK for Big Adoption Day and, as part of this, will be holding an online event on Wednesday 1...
On Wednesday, 15 January 2025, at 218 Tulketh Road, Ashton, Preston, PR2 1ES from 1pm to 3pm, we’re very excited to open our doors, to join voluntary adoption a...
On Wednesday, 15 January 2025, from 1pm to 3pm, Caritas Care are excited to open their doors to join voluntary adoption agencies (VAAs) across the UK for Big Ad...
On Wednesday, 15 January 2025 we’re excited to open our doors to join voluntary adoption agencies (VAAs) across the UK for Big Adoption Day. If you’re consideri...
Networking, GB Update and New ConnectionsAs our share platforms have continued to grow, so too have our online meet ups! Join us for our next fortnightly meet...