What is Phishing? Learn how to spot a scam

What is Phishing?

Phishing is the most popular form of social engineering. Carried out mainly via email, it describes a message that resembles an authentic email, sometimes (but not necessarily) even appearing to come from a genuine sender. These emails try to elicit a response that will in turn provide some information to the originator.

A common example of this is when you receive an e-mail from your bank, with what seems to be a legitimate return address, requesting you to perform a task such as confirming your banking password or personal details.

Signs to watch for

  • If you’re asked to follow a link and it seems authentic, there should be security on the site if you are entering personal details. Look for the secure S after the http in the URL (https://) so you know that the site is secure. It is unlikely that a cybercriminal will secure the sites they have put up, as this requires additional time, money and administration.

    UPDATE: To help users browse the web safely, starting January 2017, Google Chrome will mark unencrypted HTTP pages that collect passwords or credit cards as non-secure. Unencrypted HTTP is particularly dangerous for login pages as it could allow an attacker to intercept passwords as they travel across the network.

  • Take notice of the reply address: does it look real, and is the syntax correct? Often the reply address can show whether the sending party is who they represent themselves to be.

  • Double-check any links that are in the body of emails. If you hover your mouse over a link (or long-press it on a smart device), its address is displayed. If it doesn’t start with the correct address, then chances are it’s a scam. Don’t click links without checking them first.

  • Check the overall grammar and spelling of the email. In many cases, the format is not quite right or the request seems a little unprofessional. Cybercriminals don’t normally have a proofreading stage, and this often shows in the quality of their communication.

Security tips

If you receive an email that shows any of the above signs, simply delete it permanently. Clicking links or following the advice can potentially infect your machine, and replying with any information will compromise your identity and expose it to theft. If something just doesn’t feel right, delete it. Genuine requestors will follow up with their other contact details, or you can verify with them yourself if you need reassurance.

Being aware of the types of cyber scams is the best way to prevent being a victim. Test your knowledge in our 10-question Quiz “Are you the weakest link?” to see your ability to stay safe in today’s tech-driven world.