With the lead up to Christmas cyber criminals will take the opportunity to target more victims in the hope that someone will fall for their ever more sophisticated phishing emails.
The lead up to Christmas is an attractive time period for cyber criminals to increase their cyber attacks due to the increase of online shopping and businesses liaising more with their customers and suppliers. Not only this but targeted phishing attempts around staff pay and back accounts for staff and customers are increasingly more popular in this period.
Here is a recent example of a phishing email requesting change of bank account information. This would be considered a targeted and more sophisticated phishing attempt;
Tips to help you spot a Phishing Email;
- Check the domain where the email was sent from (this is the name after the @ symbol). Does the domain name match the organisations name? No legitimate organisation will send an email from a public domain (eg @hotmail.com or gmail.com). It is best practice to look at the full email address not just the senders name.
- Is the email poorly written? Poor spelling or grammar can often give away the legitimacy of the email. Many Phishing email attacks come from foreign countries where English isn't the first language.
- What is the overall quality of the email? Does the email look legitimate and is it what you would expect from the organisation/person that it is supposed to come from?
- Does the email contain suspicious attachments or links? In a suspicious email, attachments and links can either contain malware designed to infect your device or network, or lead you to a malicious page which will harvest your details.
- Is there urgency in the email? Cyber criminals don't want you to have time to think about the content of their email so they will write it with a sense of urgency asking you to 'act now' before it is too late.
- Were you expecting the email? If you weren't expecting the email you should reach out to the sender via another communication channel such as the email address you would usually contact them on or phone them to query the email.
Taking the time to read through the email and following our tips can help you avoid falling victim to a phishing email.
If you are suspicious about an email you have received and unsure what to do about it you can report it to the National Cyber Security Centre's (NCSC) suspicious email reporting service: email@example.com