View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 11, 2014updated 22 Sep 2016 11:04am

How to protect yourself against phishing

In light of Safer Internet Day, CBR picks the brains of security specialist Lee Weiner to help you, your friends, family and colleagues protect yourselves against phishing scams.

By Vinod

As you mayalready know, this is Safer Internet Day. Although the day itself tends to be aimed at educating the next generation of Internet users, it also represents a great opportunity to reengage your end users about the importance of staying safe online.

If you are working in IT or security, you no doubt already know about security hygiene basics. But you could probably do with some help getting end users to take you seriously. So this week, in support of Safer Internet Day, CBR has teamed up with Lee Weiner – SVP of products and engineering at Rapid7, provider of security risk intelligence solutions – to bring you a series of useful guides that you can cut and paste into an email and send to users as a good reference for safe online behaviour.

User education is hugely important because increasingly the usersare the ones that represent the greatest threat to your environment – clicking on links, sharing information, losing laptops, downloading shady apps and using cloud services without telling you. Essentially every user is now a point on your perimeterand every user is a potential target.

First up to go under the spotlight is phishing. It can be easy to assume that everyone knows about phishing and wouldn’t fall for an email claiming they’ve won £100,000 or click on a link from a recipient they don’t know. But don’t be so sure. Reminding users again and again of the risks might help them become more judicious about which links they click.

So, here’s the lowdown on phishing:

What is phishing?

Phishing is basically someone using email to try to get you to do something or tell them something that enables them to compromise you in some way. As the name suggests, this typically works by dangling some kind of bait in front of you. One of the most famous examples of phishing is the Nigerian 419 scam, which lured people into giving their bank information with the promise of huge riches.

Other kinds of phishing emails try to convince you to open an attachment or click on a link. These can lead to your computer (or whatever device you read the email on) becoming infected with something nasty. Or it could lead you to unknowingly giving a criminal your security credentials for a site. For example, say you receive an email from LinkedIn saying someone wants to connect with you. You click on the link and you get the login page for LinkedIn. Pop your password in and land on the page you expected to be sent to. Everything looks normal and you have no idea that you just gave your LinkedIn password to a criminal.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Phishing that specifically targets you is called "spear phishing." This means the attacker uses information hehaslearned about you – for example from calling the switchboard or looking at your social networking profiles and interactions – and then creates an email specifically designed to look highly plausible to you. These emails can be very credibleand hard to spot. Why would someone want to target you in this way? They might not be targeting you personally, but using you as a way to get a footinthedoor of your corporate network. Or it could be that they’re ultimately after someone in your network. You never know how tempting a target you might represent to an attacker, so it’s important to be vigilant.

How can you protect yourself?

Perhaps the best way to view email is that potentially lurking behind every one could be a giant shark waiting to make its move. This is true whether it’s work or personal email, so you must treat every email with a basic level of caution.

Here are some tips to get you started:

Protect your information

Do not send sensitive information, such as bank details, over email. If it can’t be avoided, be sure that you know who you are sending them too and start a new email thread as opposed to replying to a chain and be sure to check the email address carefully.

Check the address

Be mindful of who is emailing you. Check email addresses for accuracy and look for signs of suspicious activity, for example if an email is not in the format you’d expect or a name appears to be spelt incorrectly. Email addresses made up of seemingly random combinations of letters and numbers may also be suspicious.

Don’t click on links

Hover over links WITHOUT CLICKING – the destination will show in the bottom left of your screen and you can see whether it looks right. If in doubt, Google the address you need rather than clicking on a link.

Don’t open attachments

Treat any attachment that you didn’t request as highly suspect. Send to the IT and security team if you’re not sure whether it’s safe and they will check it out for you.

Check with IT/ Security

If in doubt, email your IT and security team. They will let you know whether something is safe to open or click on. It’s better to be safe than sorry.

Phishing isn’t complicated, but this simplicity is the key to its success. Given the sheer amount of email we all receive every day, it’s tough to remember to be vigilant. So remember that shark lurking behind you!



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.