Phishing is a type of cyber-attack in which attackers pretend to be a trustworthy source in order to trick individuals into revealing sensitive information, be it passwords, credit card numbers or personal identification. They typically carry out attacks via email but have also been known to use phone calls and text messages. In ‘Phishing and how to avoid it’, we provide some tips on how to recognise and avoid such attacks.
What is phishing?
As mentioned above, phishing is a form of cyber-attack in which malicious actors use deceptive tactics. The objective is to access accounts or systems or to obtain sensitive or confidential information, such as the following:
- Passwords / passphrases
- Credit card numbers / financial data
- Social Security numbers
- Other sensitive information
Here is how a typical phishing attack works:
Deceptive Communication: Phishers create fake emails, text messages or websites that mimic trusted organisations. These can include banks, Government agencies, social media platforms or well-known companies. They often use official logos, branding and language to give their communications legitimacy.
Urgency or Fear: Phishing messages often create a sense of urgency or fear to prompt immediate action. For example, they may claim that an account is compromised and that you must reset your password to prevent unauthorised access.
Request for Information: Recipients of phishing emails or messages are typically asked to click on a link leading to a fake website. They are sometimes asked to download an attachment, or to reveal sensitive information such as login details.
Data Theft: Once the victim enters information on a fake website or shares it in response, the attackers gain access to their sensitive data. This can then be used for malicious purposes including identity theft, financial fraud and unauthorised access to accounts.
It is important to note that phishing attacks can be highly sophisticated. Attackers are constantly evolving their tactics to increase success rates. It is therefore crucial to stay vigilant and exercise caution when dealing with unsolicited emails or messages. Even if a request for personal information appears to come from a reputable source, you must follow best practices for online security and awareness.
Tips on phishing and how to avoid it
- Be cautious of any unsolicited emails, messages or phone calls asking for personal or financial information
- Always check the sender’s email address carefully (phishing emails often use deceptive email addresses that may look legitimate but have subtle differences, such as misspelled domain names)
- Look out for additional red flags such as spelling and grammar errors within the main message
- Never click on links that seem suspicious (hover your mouse over the links to see the actual URL)
- Verify the source of the email or message by contacting the organisation directly (use contact info from the official website or other trusted sources)
- Stay informed about the latest phishing techniques (share this information with friends, family and colleagues)
- Be cautious about sharing personal information on social media platforms and other online forums
- If you receive a phishing email, report it to your email provider (also consider forwarding the email to organisations being impersonated)
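Two of the checks above, the misspelled sender domain and the link whose visible text differs from its real destination, can also be automated. The following is an added example, not part of the original article: the trusted domain, the sample message and the 0.85 similarity threshold are all constructed assumptions, and it handles only single-part HTML emails.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"examplebank.example"}  # assumption: domains you really deal with
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?$", re.I)
# Constructed sample message: misspelled sender domain, link text hiding another host.
SAMPLE = """From: Example Bank <alerts@examp1ebank.example>
Subject: Urgent: reset your password
Content-Type: text/html

<p>Reset now: <a href="http://login.phish.example/r">https://www.examplebank.example/reset</a></p>
"""

def lookalike_of(domain):
    """Return the trusted domain that `domain` closely imitates, else None."""
    for good in TRUSTED:
        genuine = domain == good or domain.endswith("." + good)
        if not genuine and SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return good

class LinkCollector(HTMLParser):  # gathers (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Return warnings for a raw single-part HTML email (may be empty)."""
    msg, findings, links = message_from_string(raw), [], LinkCollector()
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if good := lookalike_of(sender):
        findings.append(f"sender domain {sender} resembles {good}")
    links.feed(msg.get_payload())
    for text, href in links.links:
        shown, real = URLISH.match(text), urlparse(href).hostname or ""
        if shown and shown.group(1).lower() != real:
            findings.append(f"link text shows {shown.group(1).lower()} but opens {real}")
    return findings
```

Calling `check_message(SAMPLE)` returns one warning for the sender domain and one for the link; a link whose text is not itself a web address (for example "Click here") is not compared, so the hover check still applies there.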
In ‘Phishing and how to avoid it’, we’ve pointed out measures to take to prevent phishing attacks. Additional actions that will help are as follows:
- Use 2-Factor Authentication (2FA) / Multi-Factor Authentication (MFA) wherever possible
- Install security software on your computer, smartphone and other devices and keep it up to date with regular updates and patches
- Use email spam filters provided by your email service provider to help identify and quarantine phishing emails
The key is to be cyber aware and to educate yourself and your organisation on potential cyber-attacks. You should always exercise caution when dealing with any incoming emails or messages.