Phishing, and how to identify it?


Written by Kaitlyn Hogg

Phishing is a term used to describe attempts to obtain and use personal information under the disguise of a reputable organisation. Phishing emails are carefully crafted to resemble harmless company emails. Many use well-known official logos and other branding that may lead you to believe they come from the true and trusted company. These emails are much more sophisticated than a “click here to win £100,000” email, as their camouflage and formal language make their malicious intent hard to spot. Aside from phishing emails, there are other routes cyber criminals may take to access personal information, such as phone calls and whaling.

Phishing definition

Phishing is a type of social engineering where an attacker sends a fraudulent (“spoofed”) message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.

From Wikipedia, the free encyclopedia

How to spot and keep safe from phishing emails

Spotting such complex and inviting emails can be difficult. However, there are ways to recognise such communications.

Attachments: If you spot attachments at the bottom of an email, do not click them! If the email is from a colleague, a school or a small company sending an invoice, there is a high chance that the attachment is safe. However, if the attachment comes with an email that you think is suspicious, such as one from a large company or your bank asking you to fill in a form, it is most likely a phishing email. Do not attempt to open the attachment.

URL: Hover over the sender's email address at the top of the page. Does it look suspicious? If so, there is a high chance that the email is dangerous. You can check the website of the company the email claims to be from, and if the email address is not the same, do not reply or click any links included in the email.

Spelling: Double check the spelling in the email; a professional email will rarely contain any mistakes. Spelling errors, such as replacing an o with a 0, are a common trick that cyber criminals use to catch out their victims.
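The URL and spelling checks above can also be done by a mail filter or help desk script. The following is an added example, not part of the original article: it compares the sender's domain with the domain taken from the company's real website and flags digit-for-letter swaps. The domains are constructed, and the swaps beyond o/0 are an assumption that generalises the article's example.

```python
from email.utils import parseaddr

# Digit-for-letter swaps. The article names o -> 0; the others are
# assumed here as similar tricks of the same kind.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    _, addr = parseaddr(from_header)  # ignores the display name
    return addr.rpartition("@")[2].lower()


def check_sender(from_header, official_domain):
    """Compare the sender's domain with the company's real domain.

    Returns 'match', 'lookalike' (same after undoing digit swaps)
    or 'mismatch'.
    """
    domain = sender_domain(from_header)
    official = official_domain.lower()
    # Exact domain or a true subdomain of it. The leading dot stops
    # 'evilnorthbank.example' from passing as 'northbank.example'.
    if domain == official or domain.endswith("." + official):
        return "match"
    if domain and domain.translate(LOOKALIKES) == official.translate(LOOKALIKES):
        return "lookalike"
    return "mismatch"


# Constructed sample headers; 'northbank.example' is a made-up company.
SAMPLES = [
    "North Bank <alerts@northbank.example>",
    "North Bank <alerts@mail.northbank.example>",
    "North Bank Security <alerts@n0rthbank.example>",
    "North Bank <alerts@northbank.example.verify-account.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header, "northbank.example"), "-", header)
```

The display name is deliberately ignored: the last two samples both show "North Bank" as the name, which is why the check looks only at the address itself.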

Make sure to double check all of these possible indicators, and if you spot any, alarm bells should ring immediately. The best way to deal with this type of email is to report it to your email provider and take a screenshot of the email in case evidence is needed. Most importantly, delete the email as soon as you have followed these precautionary measures, so that you do not accidentally go back to it later and fall victim to cyber criminals.

Protecting yourself from phone call scammers 

Cyber criminals do not limit themselves solely to emails. Some have moved to phone calls. Ways to spot these phishing calls include:

Are you expecting the call? If you are not expecting a phone call from the company that is calling you, the caller is most likely not the company they claim to be.

Asking for bank details: If a company calls and asks for your bank details, they are not the true company. You should never be asked to hand over vital information over the phone.

Broadband calls: If you get a call from a broadband company that you are not a customer of, the most likely explanation is that they are scammers. Do not give out any personal information; simply put the phone down. If you believe they could easily catch somebody else out with their scam, report the phone number to websites that explain what the number may be calling for, such as ‘who called?’.
