Over the years digital communication has become indispensable within many companies, giving cyber criminals new, innovative ways to attack. The one we’ll be discussing in this blog is phishing, an online scam in which hackers pretend to be someone else and often use social engineering to obtain money or personal or business data.
Phishing, what is it?
Phishing attacks are one of the most common security attacks and can be carried out via social media, phone calls, messages or emails. Hackers consciously choose these methods because social engineering is the easiest way to penetrate an IT infrastructure.
Within information security, social engineering means psychologically manipulating recipients (targets) into sharing personal or business information. To gain trust, the attackers pretend to be a trusted person (e.g. your boss at work) or a legitimate organisation (e.g. Netflix).
Who is vulnerable to phishing attacks?
Never assume you can’t become a victim of phishing attacks, because that assumption gives hackers a chance to strike. Why? Because it often comes with a lack of caution and a lack of resources to protect oneself or a company. In other words, both individuals and companies can become victims of phishing attacks and should learn how to recognize them.
For example, as a small business you might think that your company isn’t big or valuable enough to catch the eye of cyber criminals. But that’s wrong! In fact, this is one of the biggest mistakes you can make as this often comes with a lack of resources to protect the data within your company against attacks.
How can you recognize phishing mails
- Questionable sender
Click the name of the sender to show the email address. Have you received emails from this sender before? Then you probably should not worry that this is a phishing mail.
Haven’t received emails from this sender before, and does the email address look suspicious? Then be sure to check the next bullets to avoid becoming a victim of a phishing attack. What is a suspicious email address? For example, if an organization uses a @gmail.com or @hotmail.com address, it’s very likely that you’ve just received a phishing mail, as legitimate organizations almost never use a personal email address.
- Irrelevant content
Are the subject and the content relevant to you, and do they match the sender? Is it a professional email without spelling errors, accompanied by an appropriate greeting and salutation? Then you probably don’t have to worry; read on to be sure.
- Offer too good to be true
Is there an offer from a company that looks too good to be true? Does it seem odd that this offer is made only in exchange for some personal or business-related data? Odds are that it actually is too good to be true and that you’ve received a phishing mail.
- Requires a rapid (trans)action
Do you need to perform a rapid (trans)action so that a certain agreement or license doesn’t expire? Then it’s most likely that you’re dealing with a phishing mail. Legitimate organisations announce these things in advance.
Not sure? Check the original website to see if you can find any information or contact them. It’s also good for them to know that cyber criminals are using their company in phishing campaigns.
- Suspicious link(s)
Make sure the link matches the content of the e-mail. In many cases hackers place the link behind a button so that it is not immediately noticeable. Therefore, teach yourself to always check a link before clicking on it. You can do this by hovering over the link on your computer, or by pressing and holding the link for several seconds on your smartphone.
What to do if you receive phishing mails
- Contact the person or company that was impersonated in this phishing mail. You can do this by phone, mail or a contact form on their website. Do not click any links or attachments in the email you’ve just received!
- Mark the received email as spam and inform your colleagues if you received the message on your business mail.
As we mentioned at the beginning of this blog, there are also phishing attacks that make use of social media, phone calls, text messages and even letters. Hackers always look for new, innovative techniques that they can use to accomplish their goals.
Would you like to test your employees’ knowledge of phishing attacks? Then please contact us! Our experts will take care of an elaborate phishing campaign with the aim of recognizing phishing attacks and becoming aware of the possible dangers.