Phishing attacks are still one of the most common forms of cyber security attacks. They involve fraudsters sending out often hundreds or thousands of fake emails, normally designed to look like a trusted company, in order to get access to confidential data.
Spear fishing attacks operate on a similar princple, but are targeted at specific orgnaisations, or groups of individuals.
Here are some ways to make sure you are not reeled in by one.
1. Check the sender’s domain
Is the person sending you an email really from where they say they are? Hackers usually use domains that are similar to legitimate ones, but are not actually the same format as the official ones an organisation would use.
If you have corresponded with a company before, check what the official domain they actually use is, before clicking on a link from someone claiming to come from that firm.
2. Would this company really ask you for that information?
Banking organisations would not ask you to enter account details, for example, so anyone claiming to be from a bank who does that should immediately raise suspicions.
If the email purports to be from a supplier or company you’ve interacted with before, check that their data requests this time are in keeping with previous occasions. If in any doubt, speak to a contact at the firm and find out if and why they need this information.
Content from our partners
3. If an incorrect password lets you in, stop typing
If you do click a link and then your suspicions are raised, enter a password that you know is wrong. If this appears to sign you in it is very likely that you are on a fake website, and the potential victim of a phishing scam. The fraudsters will not have the database of correct passwords (or they would not need you to get the credentials,) so they just assume people put the right thing in when asked to, and collect up the data.
If you know the password you put in is wrong, but you’re still logged in, do not enter any more information.
4. Check the website URL for any links you click
Hackers conducting phishing attacks often guide you to website that look entirely legitimate, as if it comes from the company they claim to come from. Obviously they will not own the real domain though, but use something that looks so similar to the real thing you’re unlikely to know unless you look closely.Make sure you do!
5. Don’t panic and speak to the real vendor
One of the social engineering tactics often deployed in phishing attacks is to panic the user, threatening that an account will be disabled, or similar, if information is not passed on quickly.
Pick up the phone to the vendor and ask if this really is the case, particularly if you have a business relationship with them.
