There is a lot of talk in the media and on the internet
about phishing. But what is phishing, and why so much talk about it?
Let's answer that in reverse, because it is simpler.
Why all the talk about phishing?
Simply put, it is the leading method of attack that cyber criminals, hackers and nation states use to gain illegal access to the systems, devices and data of governments, companies and people (yes, people just like you and me). It is a sneaky attack that pretends to be someone or something you trust when it is quite the opposite.
What is phishing?
(apart from being a not very descriptive term)
The most common form of phishing is via email (although SMS and instant messaging are becoming common too).
We have all received phishing emails - an email pretending to be for a delivery that you didn't order, or a gas, electricity or telecommunications bill from a company that you don't even have a service with. Sometimes, they also pretend to be from a bank or government agency, such as the tax office. Often they will appear to be from a company or service that you do have an account with.
The one thing they all have in common is that they want you to open the email/sms and click on the link, often with a sense of urgency.
Maybe it is the promise of a bonus item if you are quick, or a penalty/fine if you don't click now, or a tracking number for you to click now so you don't miss your delivery - they use any tactic they can to entice you to click on the link.
Even though the link looks legitimate (it may even display the proper website name), when you click it, it will almost invariably take you to a website that looks so much like the genuine one that you are happy to enter your username and password or personal details . . . the only problem is, you are entering them into the attacker's website, not the genuine one, and they are capturing and storing all of the details you enter - yes, your username and password !!!! They then use this to log in as you to the legitimate website, bank account, email or other services . . . and then they also sell it to others for them to do the same.
“Phishing is sneaky, deadly, effective and very common - that is why you hear about it so much”
How to spot a phish and what to do:
Phishing emails/sms/instant messages may look like the real thing, but they are not, and you can easily check and make sure:
Is it something that you were expecting? If not, automatically be suspicious and treat it as a phishing attack.
If it makes you feel a sense of urgency to click the link or open the attachment then be even more suspicious!
At this point you can easily avoid any further risk by deleting the email/sms and then manually typing the proper website address into your browser or opening the official app (like the banking app).
If you want to be even more sure that it is a phish, you can also do the following, but be extra careful not to click links or open attachments:
Check the sender's details - not the sender's name, but the actual email address/account.
Is it from a legitimate company's email address? Pay close attention to the spelling . . . it is common for them to use tactics like this: firstname.lastname@example.org or email@example.com
You can also 'hover' over the link, making sure not to click on it, and this will reveal the real website address
Ultimately, if you suspect it is suspicious then treat it as such and just delete it. If it is genuine, and important, they will probably send you a letter anyway.
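The checks above (look at the real sender address rather than the display name, hover to see where a link really goes, be wary of urgency) can also be automated on the receiving side. The following is an added example, not part of the original article: it parses a constructed sample email (all addresses and domains are invented placeholders on the reserved .test TLD), extracts every link's real destination next to its visible text, and reports the same warning signs a careful reader would look for. The "registered domain" helper is a deliberate simplification (last two labels, no public suffix list) and is an assumption of this example, not a general rule.

```python
"""Added example: flag common phishing indicators in an email message."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message. Every address, domain and URL is a placeholder.
# Note the look-alike domain "examp1e-bank.test" (digit 1 instead of letter l)
# and the link whose visible text shows the genuine site but points elsewhere.
SAMPLE_EMAIL = """From: "Example Bank" <security-alert@examp1e-bank.test>
To: customer@example.com
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account will be suspended. Click
<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test</a> now.</p>
<p>Need help? Visit our <a href="https://www.example-bank.test/help">help centre</a>.</p>
</body></html>
"""

# Domains the recipient actually has a relationship with (assumed for the example).
TRUSTED_DOMAINS = {"example-bank.test"}

# Phrases that create the "click now" pressure the article describes.
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "act now")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'registered domain' = last two DNS labels (simplification for this example)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like_url(text):
    """True when the visible link text itself reads like a web address."""
    return text.startswith(("http://", "https://", "www."))


def analyse(raw_message, trusted_domains):
    """Return a list of human-readable warning signs found in the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Sender: judge the real address domain, never the friendly display name.
    sender_addr = msg["from"].addresses[0].addr_spec
    sender_domain = registered_domain(sender_addr.split("@")[-1])
    if sender_domain not in trusted_domains:
        findings.append(f"sender domain {sender_domain!r} is not a trusted domain")

    # 2. Urgency language in the subject or body.
    subject = (msg["subject"] or "").lower()
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    if any(w in subject or w in body.lower() for w in URGENCY_WORDS):
        findings.append("urgency language present")

    # 3. Links: the href is where you really go; the text is what you are shown.
    parser = LinkExtractor()
    parser.feed(body)
    for href, text in parser.links:
        real_domain = registered_domain(urlparse(href).hostname or "")
        if looks_like_url(text):
            shown = text if "://" in text else "http://" + text
            shown_domain = registered_domain(urlparse(shown).hostname or "")
            if shown_domain != real_domain:
                findings.append(
                    f"link text shows {shown_domain!r} but points to {real_domain!r}")
        if real_domain not in trusted_domains:
            findings.append(f"link to untrusted domain {real_domain!r}: {href}")
    return findings


def analyse_sample():
    """Run the checks over the constructed sample message."""
    return analyse(SAMPLE_EMAIL, TRUSTED_DOMAINS)


if __name__ == "__main__":
    for finding in analyse_sample():
        print("WARNING:", finding)
```

Running it prints four warnings for the sample: the look-alike sender domain, the urgency wording, the link whose text and destination disagree, and that same link's untrusted destination; the genuine help-centre link produces nothing. The mismatch check is the programmatic form of "hover over the link to reveal the real website address".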
“Don't be the next victim of a phishing email, sms or instant message - be vigilant and if in doubt just delete it.”