4 Simple Ways You Can Avoid A Phishing Scam
17 August 2017 15:02
According to Verizon, 90% of data breaches contain significant elements of social engineering. Now, trying to trick users into handing over personal and sensitive information is nothing new, but the manner in which these figures are soaring is a new concern for all of us.
The fear of being scammed through phone calls and physical letters are, in this day in age, overshadowed by email phishing scams. Of course, many of us feel as though we would never fall victim to such attacks... but, frankly put, we're all at risk.
These words aren't chosen for scare tactics. The truth is, many of us believe that we're able to spot the signs of a fraudulent email, without actually knowing what the real signs are. Simply knowing not to interact with an email that is asking for personal information isn't enough to avoid a phishing scam - especially with these attacks becoming more and more cunning.
From the automatic ‘mailer’ technique of launching a high volume of emails targeted towards the more susceptible users - to the more direct technique of ‘spear phishing’ a specific individual of certain importance to an organisation, all of us have the potential to take the bait. That is why spotting the warning signs of a phishing attempt is important.
So, to get you started, we've put together four simple security practices you should follow in order to avoid being reeled in.
Be smart and be vigilant
In our working days, it can be difficult to fully concentrate on tasks 100% of the time, especially when churning through a backlog of emails. But if/when you receive an email asking for personal information, it's time to be smart.
Legitimate organisations should never request sensitive information via email, especially banks. If you are suspicious of the email, then contacting the original sender can be a good option to take. Looking out for ‘red flags’ or warning signs is also a good technique. If the email is asking for information such as your password, then this should be reported to your IT department.
Don't give in to scare tactics
Phishers like to get you to react quickly - and they have a range of proven techniques to do so. Scare tactics, such as threatening to disable an account or delay services until you update certain information, can often make an employee unwittingly hand over their personal information through a state of urgency. Fraudulent emails that appear to be from your IT support team asking for a password change is a common example.
Be sure to contact the merchant directly to confirm the authenticity of their request, and raise the issue to IT should your suspicion increase.
Be wary of noticeable mistakes... even the intentional ones
Employees tend to be common targets for hackers and they will continue to be until employees stop reacting to phishing emails and happily giving away their information. Most phishing emails contain blatant indications of being fake. Punctuation can often appear different to that of legitimate ones, with typos, excessive exclamation marks (especially for scare tactics) and capital letters indicating that they might not be from an authentic source.
Even the way in which the email greets the user can be a suspicious sign. Common examples are ‘Dear Sir/ Madam’ and ‘Dear Customer’, which both noticeably show a lack of personal details, such as your name, not being available to them. Although many of these mistakes are genuine errors by the attackers, intentional mistakes are also used in order to pass spam filters, improve responses and to weed out the more savvy recipients who are aware of such scams.
Don't click that link!
Never use links in an email to connect to a website - unless you are absolutely sure it is authentic. Instead, open a new browser window and type the URL directly into the address bar. Often, a phishing website will look identical to the original - look at the address bar to make sure that this is the case.