Reports show that 95% of cyber security breaches are due to a phishing attack, yet only 22% of businesses see phishing as a major security threat.
What is a phishing attack?
A phishing attack arrives in your inbox as an email that looks legitimate. The aim is always to entice you to click a link or open an attachment. The end result is malware on your PC, or you are directed to a phishing site.
Most often, the email will appear to be from a bank or a global online payment system and will be designed to instil enough panic to make you click or interact. It could claim your account has been locked, or that suspicious activity has been reported on your account and you must log in now to rectify the situation… it’s easy to fall for.
Perhaps you think you’d spot a phishing email a mile off, and there was a time when this was certainly the case. But phishing attacks have become more sophisticated than ever before. Some use social engineering techniques: they appear to be from someone known to you and include personal information (gathered via social media detective work) in the body of the email. These are particularly tricky to spot.
50% of phishing links are clicked on within the first hour of being sent.
7 ways to spot a phishing attack
#1 Are they who they say they are?
An email isn’t always from the organisation shown in the ‘from’ field. Always check that the sender’s address matches the organisation’s domain name, and look carefully for deliberate mistypes like ‘paypol’ or ‘barclys’ that could be overlooked at first glance.
#2 Are they talking to you?
If you do business with the organisation the email appears to be from, you should expect to be addressed by name. If the email opens with a generic ‘Dear customer’, this could be a red flag.
#3 Inspect the links
You can see where a link will take you without clicking on it: simply hover your mouse over the link to see the full address (take your fingers off the mouse buttons so your muscle memory doesn’t take over!). You’ll often know immediately if the link looks suspicious, but if all the links in the email direct you to the same URL, you can be fairly sure it’s a phishing email.
#4 Getting personal
The biggest giveaway of a phishing attack is if the email is asking for any personal data such as usernames or passwords. Fake invoices are a typical approach used to gain credit card details.
#5 Spell check
If an email doesn’t look professional, it probably isn’t. Check for poor spelling and grammar and trust your gut.
#6 Something’s afoot
Any legitimate email should contain company information in the footer – as a minimum the company postal address, a contact email address and an unsubscribe link. If any of this is missing, the email is likely to be fake. Where an email address or unsubscribe link is present, hover over it and check the URL as suggested in tip 3.
#7 When in doubt… speak to your IT Provider
If you can’t be confident whether the email is legitimate, you should always speak to your IT support professionals.
Alternatively, you can do your own investigative work and contact the supposed sender. Source a telephone number from the company website (not using the contact details from the email) and give them a call to enquire. If their company brand is being falsely used in a phishing scam, they’ll be pleased you called.
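Tips 1, 3 and 6 (and the generic greeting in tip 2) are checks that can be made mechanically before anyone clicks. The Python script below is an added example, not code from the original post or Jupiter IT's own tooling. It parses a raw email with the standard library, compares the sender's domain and every link's domain against a list of brands you expect mail from (KNOWN_DOMAINS, an assumed list), flags one- or two-letter lookalikes such as ‘paypol’ or ‘barclys’ using edit distance, notes when every link points to the same URL, and checks that the footer contains an unsubscribe link. The two sample messages are constructed for illustration, and the rule for reducing a hostname to its registrable domain is a deliberate simplification.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the brands this mailbox legitimately receives mail from.
KNOWN_DOMAINS = ["paypal.com", "barclays.co.uk"]
# Labels after which the registrable name is three labels long (simplified rule).
SECOND_LEVEL = {"co", "com", "org", "net", "gov", "ac"}

# Constructed samples (not real mail). The first has a lookalike sender, a generic
# greeting, every link on one URL and no footer; the second shows legitimate mail.
PHISH_EMAIL = b"""From: "PayPal Security" <alerts@paypol.com>
Subject: Your account has been locked
Content-Type: text/html; charset=utf-8

<html><body><p>Dear customer,</p>
<p>We noticed suspicious activity. <a href="http://paypol.com/login">Log in now</a>
or <a href="http://paypol.com/login">verify your details</a> to restore access.</p>
</body></html>
"""
LEGIT_EMAIL = b"""From: "PayPal" <service@paypal.com>
Content-Type: text/html; charset=utf-8

<html><body><p>Dear Jane Smith,</p>
<p>Your statement is ready: <a href="https://www.paypal.com/activity">view activity</a>.</p>
<p>Example Payments Ltd, 1 Example Street. <a href="https://www.paypal.com/unsubscribe">Unsubscribe</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None

def levenshtein(a, b):
    """Edit distance; catches one- or two-letter mistypes such as 'paypol'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_domain(host):
    """'login.barclys.co.uk' -> 'barclys.co.uk', 'www.paypal.com' -> 'paypal.com'."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if len(labels) >= 3 and labels[-2] in SECOND_LEVEL else 2
    return ".".join(labels[-keep:])

def lookalike_of(host):
    """The known brand domain this host imitates (1-2 letter edit), or None."""
    reg = registrable_domain(host)
    hits = [k for k in KNOWN_DOMAINS if reg not in KNOWN_DOMAINS
            and 0 < levenshtein(reg.split(".")[0], k.split(".")[0]) <= 2]
    return hits[0] if hits else None

def analyse(raw_bytes):
    """Return a list of (tip number, finding) for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    def flag(tip, text):
        if (tip, text) not in findings:
            findings.append((tip, text))
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if lookalike_of(sender):                                          # tip 1
        flag(1, f"sender domain {sender} resembles {lookalike_of(sender)}")
    html = msg.get_body(preferencelist=("html", "plain")).get_content()
    if "dear customer" in html.lower():                               # tip 2
        flag(2, "generic greeting instead of your name")
    links = LinkCollector()
    links.feed(html)
    hrefs = [h for h, _ in links.links if h.startswith(("http://", "https://"))]
    for href in hrefs:                                                # tip 3
        host = urlparse(href).hostname or ""
        if registrable_domain(host) != registrable_domain(sender):
            flag(3, f"link {href} leads outside the sender's domain")
        if lookalike_of(host):
            flag(3, f"link host {host} resembles {lookalike_of(host)}")
    if len(hrefs) > 1 and len(set(hrefs)) == 1:
        flag(3, "every link in the email points to the same URL")
    if not any("unsubscribe" in text.lower() for _, text in links.links):
        flag(6, "no unsubscribe link in the footer")                  # tip 6
    return findings
```

Calling `analyse(PHISH_EMAIL)` returns findings for tips 1, 2, 3 and 6, while `analyse(LEGIT_EMAIL)` returns an empty list. Edit distance is a blunt instrument: it will not catch homoglyphs or brand names embedded in a longer domain, and a real deployment should replace the SECOND_LEVEL shortcut with the public suffix list. Treat the output as a prompt to pause and phone the sender, not as a verdict.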
At Jupiter IT, we’re passionate about cyber security.
While we’d all like to think we’d easily spot a phishing attack attempt, these people are good at what they do. So good that as many as 54% of businesses have fallen victim to a phishing or other social engineering cyber attack during the last year.
Anyone in your company with an email address should be trained in cyber security awareness in order to avoid this type of attack. That’s why we provide free, content-rich, cyber security staff training for all our clients.
We hold the prestigious Cyber Essentials Plus certification and, as experts in this standard, can help you become certified too. To find out more, drop us a line – we’re waiting to share our expertise with you.