I say almost always. There are ways you can ethically phish. But the issue is, how do you prove you didn’t collect or do anything with the data you acquire?
What is Phishing?
The analogy comes from the fact that when you go fishing, you cast a line with some bait attached in the hope you get a bite.
These emails are the same – within them, there will be content that is often tempting.
Why? Well, they’ll regularly lead you to believe there is some matter of urgency, a threat to an account, or a great benefit to you, something like “we owe you £463.27”. It’s realistic, and we’d all want money for nothing, right?
But in reality, they’re trying to harvest your information. In some cases, they’ll ask for sensitive information about you. But be careful, they may also have a malicious attachment or send you to malicious links.
This video guide gives you some simple tips on what you can look out for.
Why is it illegal?
Firstly, the way they get your details tends to be unethical. Whilst not always unlawful, they trick you into giving up personal data and even passwords so they can gain access to your accounts.
Whilst they might get the information and not do anything with it, how can they prove it?
In most instances, the data collated about you can help the sender commit fraud by stealing your identity. This is of course where it becomes illegal.
Are these emails common?
Yes, very. Many people fall for them as well. They’re made to appear like an email from a trusted source. We regularly see large companies imitated, including PayPal, eBay and HMRC.
Some of them can even get quite personal in a spear-phishing attack. This is where you may wish to review what you post on social media and who can see what you post.
If your social media posts are public, they can be used to accumulate personal information about you.
And of course, you’ll trust these emails even more if they seem to identify things about you that are realistic and true.
What can you do to protect yourself?
The points below summarise the key things you can do specific to phishing, but there are 14 more ways to protect your business from a cyber attack.
Be vigilant! The video above gives you tips on what to look out for. If an email does come through, ask yourself: is it too good to be true? If so, it usually is. Trust your gut – did you do anything to initiate getting that email?
Have more awareness of what you’re posting on social media and who can see it.
If ever you’re in doubt – call the company that supposedly sent the email. It is important not to ring any phone numbers displayed in the email though! Find their official number on their website instead.
Most platforms also have an email address you can forward the email to; check their website or call them for more information. eBay, PayPal and HMRC all have ways of reporting these emails.
By reporting them, you’re helping them figure out who is sending the emails, and they can also raise awareness among others who might be getting the same emails.
Cyber crime continually evolves and exploits vulnerabilities in companies and people. To ensure you keep up to speed on the latest hints and tips to keep you and your business safe, simply keep your eyes peeled on our blog.