View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 19, 2015

5 ways to protect yourself from phishing attacks

News: Top tips to not have your data scooped up by hackers.

By Charlotte Henry

Phishing attacks are still one of the most common forms of cyber security attacks. They involve fraudsters sending out often hundreds or thousands of fake emails, normally designed to look like a trusted company, in order to get access to confidential data.

Spear fishing attacks operate on a similar princple, but are targeted at specific orgnaisations, or groups of individuals.

Here are some ways to make sure you are not reeled in by one.

1. Check the sender’s domain

Is the person sending you an email really from where they say they are? Hackers usually use domains that are similar to legitimate ones, but are not actually the same format as the official ones an organisation would use.

If you have corresponded with a company before, check what the official domain they actually use is, before clicking on a link from someone claiming to come from that firm.

2. Would this company really ask you for that information?

Banking organisations would not ask you to enter account details, for example, so anyone claiming to be from a bank who does that should immediately raise suspicions.

If the email purports to be from a supplier or company you’ve interacted with before, check that their data requests this time are in keeping with previous occasions. If in any doubt, speak to a contact at the firm and find out if and why they need this information.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

3. If an incorrect password lets you in, stop typing

If you do click a link and then your suspicions are raised, enter a password that you know is wrong. If this appears to sign you in it is very likely that you are on a fake website, and the potential victim of a phishing scam. The fraudsters will not have the database of correct passwords (or they would not need you to get the credentials,) so they just assume people put the right thing in when asked to, and collect up the data.

If you know the password you put in is wrong, but you’re still logged in, do not enter any more information.

4. Check the website URL for any links you click

Hackers conducting phishing attacks often guide you to website that look entirely legitimate, as if it comes from the company they claim to come from. Obviously they will not own the real domain though, but use something that looks so similar to the real thing you’re unlikely to know unless you look closely.Make sure you do!

5. Don’t panic and speak to the real vendor

One of the social engineering tactics often deployed in phishing attacks is to panic the user, threatening that an account will be disabled, or similar, if information is not passed on quickly.

Pick up the phone to the vendor and ask if this really is the case, particularly if you have a business relationship with them.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.