Cyber security is such a massive area – it can seem totally overwhelming trying to think about how to keep your information safe.
So let’s take just one thing at a time, and keep it simple.
So, today, we will just look at phishing. What is it? And how can I protect myself from it?
What is phishing?
Phishing is the practice of trying to trick computer users into giving away money, usernames, passwords, bank details, or other valuable information. The word is based, of course, on fishing, where a hook is used to catch fish and pull them from the water. Similarly, with phishing, the intention is to place “bait” (often an email, but it can also be a phone call, text, social media message or other method) into the “sea” of internet users, in the hope that some will “bite” and click on the link, provide their username and password, transfer the money as requested, and so on.
Phishing examples
The North East Business Resilience Centre (NEBRC) recently released this short video of a member of staff describing a phishing scam she encountered.
It’s a great example of how normal a phishing email can appear.
Here are a few more specific examples to help you know what to look out for:
How can I spot a phishing attempt?
- The message is sent from a public email domain (e.g. ends in aol.com / hotmail.com / gmail.com etc, rather than an organisation’s own domain)
- The domain name is misspelt. (even a single letter difference means it is NOT the domain it is pretending to be from)
- The email is poorly written. (spelling and grammatical errors should raise suspicions)
- It includes infected attachments or suspicious links. (these may download malware onto your machine, or take you to a bogus website where you are asked to enter personal details)
- The message creates a sense of urgency. (the intention here is to stop you from being careful / asking the questions you might usually ask to check that it’s genuine)
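For anyone who wants to automate a first pass over these warning signs, here is an added example (not part of the original article) that checks one raw email for a public sender domain, a misspelt lookalike domain, urgent wording and links to unrecognised hosts. The domain lists, the urgency phrases, the edit-distance threshold and the sample message are all assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration: replace with your organisation's own.
PUBLIC_DOMAINS = {"aol.com", "hotmail.com", "gmail.com"}
TRUSTED_DOMAINS = {"example-bank.co.uk", "example.org"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_indicators(raw_email):
    """Return the warning signs found in one raw, single-part email message."""
    msg = message_from_string(raw_email)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    found = []
    if domain in PUBLIC_DOMAINS:
        found.append("public email domain")
    # Close to a trusted domain but not identical: likely a misspelt lookalike.
    if domain not in TRUSTED_DOMAINS and any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        found.append("lookalike domain")
    if URGENCY.search(text):
        found.append("urgent wording")
    for host in re.findall(r"https?://([^/\s:]+)", body):
        host = host.lower()
        trusted = any(host == t or host.endswith("." + t) for t in TRUSTED_DOMAINS)
        if not trusted:
            found.append(f"link to unrecognised host {host}")
    return found

# Constructed sample message (not a real email).
SAMPLE = """From: Example Bank <security@examp1e-bank.co.uk>
Subject: URGENT: verify your account

Your account will be suspended within 24 hours.
Visit http://login.examp1e-bank.co.uk/verify
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A clean result only means none of these particular signs were found, so the manual checks in the list above still apply.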
What should I do if I suspect I have received a phishing email?
- Don’t click on any links or give any information
- Check directly with the apparent sender to confirm its authenticity
- Report it to your IT department or to report@phishing.gov.uk