What is "Phishing" and how can I avoid it?

Updated: Mar 13, 2019

In recent times, Phishing scams and attacks have become a lot more commonplace and are becoming trickier to spot! But what is Phishing and how do you avoid it?

What is Phishing?

Phishing is defined as "The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers." It's also one of the most popular ways for hackers to steal data because it can be so effective. Criminals will pose as a trustworthy source, such as a bank, a charity, an insurance firm, HMRC or other government department that you're likely to provide information to, and will use this information to break into your company's network or your personal accounts, whether that's your bank, email or something else.

Examples Of Phishing

Phishing comes in many forms. Often it can be a blanket email with very little personalisation.

For example:

"Dear Customer,
Here's your HMRC Transaction Confirmation: 5B64A41836932272264F - (Please retain for your records)
You are eligible to receive a refund. We tried to send it to you automatically but we're unable to do so as we don't have your Credit/Debit Card details on file.
{Ready to claim your refund now?}
- have your credit/debit card ready
- open the application in your browser and login to your Customer Portal account
- follow the instructions on your screen Customer Portal
- Submit tax refund"

The issue with the above is that the "Customer Portal" was a false link: it did not take you to an HMRC website but to a fraudulent website that looked genuine, so I could easily have put my debit/credit card details in and had a potentially huge amount of money taken from my account without even realising!

There are many other types of email scams you can get, such as people pretending to be from subscription services like Netflix, or from companies such as Apple/iTunes. These are all good examples of personal Phishing attacks. However, the greeting is not always as generic as "Dear Customer". On many occasions we have seen emails that were heavily personalised, even mimicking email signatures, job titles and email addresses to create as close a likeness to the real thing as possible. This can lead to users who are not eagle-eyed making a mistake and inputting personal details or transferring money to an incorrect bank account.

How To Avoid Being Phished

  • Never go to your bank's website by clicking on a link included in an email

  • Double check email addresses for any misspellings that indicate an incorrect address, for example Quintec instead of Quintech

  • Install advanced Anti-Virus & Anti-Spam software and keep it updated

  • Look carefully at the content of the email for signs it may be Phishing: spelling errors, no personalisation, poor grammar

  • Only enter sensitive data on secure websites: for a site to be ‘safe’, its address must begin with ‘https://’ and your browser should show an icon of a closed lock.

  • If in doubt, don't click it. Just delete it!
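
Two of the checks above (the misspelled sender address and the link that goes somewhere other than it claims) can also be automated by a mail filter. The sketch below is an added example, not code from this article or from Quintech: the trusted-domain list, the sample message and the `customer-portal.example` link are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains this mailbox expects mail and links from.
TRUSTED_DOMAINS = {"quintech.co.uk", "gov.uk"}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(domain):
    """True for a trusted domain or any subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def check_email(raw):
    """Return a list of warnings for one raw, single-part email message."""
    msg = message_from_string(raw)
    warnings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_trusted(sender):
        # A domain one or two edits away from a trusted one is a likely lookalike.
        near = [t for t in TRUSTED_DOMAINS if edit_distance(sender, t) <= 2]
        warnings.append(f"sender domain {sender} resembles {near[0]}" if near
                        else f"sender domain {sender} is not on the trusted list")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            warnings.append(f"link to {host} does not use https")
        if not is_trusted(host):
            warnings.append(f"link to {host} is outside the trusted domains")
    return warnings

# Constructed sample: misspelled sender domain plus a link to an unrelated site.
SAMPLE = """From: Accounts <accounts@quintec.co.uk>
Subject: Your refund

Dear Customer, claim your refund at http://customer-portal.example/login
"""

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

A link is still flagged when it uses https but points outside the trusted domains, because the padlock only shows that the connection is encrypted, not who runs the site.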

If you have any questions on Phishing, Anti-virus or general IT security then get in touch with me today and see how we can help you improve your security moving forward! 01684 882774 / mike.philpott@quintech.co.uk
