© Systems AXIS Limited,
axisfirst is a trading style of Systems AXIS Ltd. Head Office: AXIS House, 53/55 St Mary Street, Bridgwater, Somerset, TA6 3EQ. Registered Company 2370905 | VAT No. GB 515 8599 12
In homage and a nod to the 1970's public service announcements, here is my own version for a modern day threat we all need keeping safe from... Phishing Emails!
One tactic often used by hackers is urgency. This is because psychologically people just impulsively react under pressure making this an effective way phishing emails compel you to take action. Social engineered attacks use authority figures known to the individual to solicit personal information, pressure you into making financial transactions or to download malware infected documents.
Where you read your email can also impact on how likely you are to react immediately without the same presence of mind. If you are out of the office and reading your emails on your mobile device, you may be less thorough and diligent in examining the validity or authenticity as it is much harder to do on a small screen using your fingers and thumbs. This is why taking a moment to pause and plan your next action is vital.
Phishing for sensitive information is a numbers game. Hundreds of thousands of emails sent on the hope that a handful of recipients react. These typically are the types of emails you receive impersonating a banking company, courier company, online streaming service or social media platform. They are not designed to fool everyone but even a 0.1% response rate is massive.
In recent times, the visual design of these emails has significantly improved and some phishing emails look incredibly genuine so you do have to be alert and vigilant. Similarly the landing pages which you make be taken to appear more authentic and resemble the brands that they are trying to imitate.
With a more targeted email attack, hackers will take a more personal approach and will be looking to direct their email as a specific individual. This technique is known a spear phishing and is used to obtain the trust of somebody within an organisation who is authorised to make decisions or financial transactions. The language and the composition of the email may be familiar to the recipient and make appear from a more trusted source such as a company director, line manager or supplier. Spear phishing attacks are commonly targeted at company secretaries, office managers, accounts departments and those who would act upon instruction.
Are they who they say that are? Hover over the name, is the email from the right address? It is easy to mascarade or impersonate another email address. But often when you check the actual address of the email it is not who they claim to be. Be aware that support-microsoft.com is different from support.microsoft.com so look carefully at the domain name and make sure there are no hyphens or joined up words which do not belong.
Were you expecting that invoice? Call your supplier and check they sent you an attachment. Spear Phishing attacks can be planned over several months to mimic the timing and language of known associates or colleagues. Check account numbers match with previos payments as it can be a subtle change in bank details which is the difference between genuine and fake emails.
Hover over the links to see where they go. If you are being asked to renew passwords or update payment card information, visit the company website directly rather than using a link and log in there instead. It might seem obvious to many but you will be surprised what people do in the heat of the moment. Especially when in a rush or distracted with other tasks.
If something looks suspicious, it usually is so trust your instinct. Any element of doubt or uncertainty, delete it. If it is that urgent, the person or company will contact you another way.
One way to stay alert is to enroll on cyber awareness training or sign up to simulated phishing attacks to measure and test the vulnerability and susceptibility of your users. This is a safe environment by which users can be tested and measured and appropriate training given to fill any gaps in their knowledge and understanding.