Cyber Awareness Month 2022 - Phishing

As we come to an end of the Cyber Awareness Month 2022, this last article is about phishing. Similar concept to catching fish except its cyber criminal’s goal to trick you into giving them your sensitive information, which could include official business data, bank details and personal information.

So, what is Phishing?

Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment.

If you click on a phishing link or file, the danger is that unwittingly you could hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device. 

See it so you don’t click it

The signs can be subtle, but once you recognise a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds and ensure the email looks legitimate. Here are some quick tips on how to spot a phishing email: 

• Does it contain an offer that’s too good to be true? 
• Does it include language that’s urgent, alarming, or threatening? 
• Is it poorly crafted writing riddled with misspellings and bad grammar?
• Is the greeting ambiguous or very generic? 
• Does it include requests to send personal information?
• Does it stress an urgency to click on an unfamiliar hyperlink or attachment?
• Is it a strange or abrupt business request?
• Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.co.uk.

Are you aware there are different types of phishing?

Spear and Whaling Phishing

But what do they both do differently? Let’s start with spear phishing which is where the cybercriminal is deliberately attacking a specific person and has crafted an email containing personal information to make them click.

On the other hand, whaling targets a big phish, often a board member or an employee with access to some particularly tempting assets.

How to Spot and Report Scam emails?

Report a scam email

Forward the email as an attachment to report@phishing.gov.uk from your personal email. Do not click on any links in a suspicious email.

• Forward as many suspicious emails as you like
• Send emails that feel suspicious, even if you're not certain they're a scam - NCSC can check
• Don't click on any links in a suspicious email
• You don't need to forward suspicious emails you find in your spam/junk folder

Here are some signs to lookout for, which might include:

1. Suspicious looking email source
2. Generic greeting like “Dear Customer” – instead of the customisation most organisations offer
3. Poor spelling, or a sloppy layout
4. Suspicious or unusual attachments – treat all attachments and links with caution

It’s important to report a suspicious email:

• it helps to reduce the amount of scam emails you receive
• makes yourself a harder target for scammers
• it helps protect others from potential cyber crime online

We hope you have gained some useful tips on protecting your cyber-self.

Happy Halloween everyone, see you all next year for Cyber Awareness Month 2023.

For further information please visit StaySafeOnline or National Cyber Security Centre (NCSC)

• https://staysafeonline.org/
• https://www.ncsc.gov.uk/

Information adopted from National Cybersecurity Alliance – Cybersecurity Awareness Month