“Phishing” is the practice of fooling unsuspecting people into giving away their most confidential data, such as usernames, passwords, birth dates, mobile numbers and more — by cleverly disguising their communications as authentic requests.
It is one of the main ways that criminals conduct a cyber attack on a business, and it is definitely an area of growth. Companies such as Honda and Easy Jet have recently been subjected to cyber attacks with customers’ details being compromised. So no business, big or small, is safe.
Just because it looks familiar – doesn’t mean it is.
Most phishing emails are designed to fool you into thinking that you are carrying out something that you would normally do online, such as logging into Facebook or logging into your bank. But of course, once you open the email, click on to the link and log in, you are actually doing something else – you’re giving over passwords, usernames and more.
Another tactic used by cyber criminals when devising phishing attacks is to lead you to believe that you have won a prize or been selected to go into a lottery. These types of emails often appear to be from reputable companies such as Google and Amazon, so it is all too easy to get excited and click on.
So, what can you do to spot a phishing email? Here are our five tips.
- Always confirm that every email comes from a valid source. Take a minute to check the email address properly rather than just rely on the name being familiar.
- Never click on a link without first looking at the URL. Does it look like a known or standard website? Copy and paste the URL into your internet browser and see what comes up – you’ll soon know if it looks suspicious.
- Only click on email links that include the “s” in “https://”. That “s” means that your communication with the website is secure and has a certificate of security to back that up.
- Never open any attachments unless you are sure they are from somebody you can trust. Whether you are waiting to receive an email or not, approach attachments with caution.
- Use 2 Factor Authentication (2FA) where you must provide an additional code to log in. This provides an extra layer of security to keep your accounts safe from phishing scams.
So there you have it. It is advisable, especially in the current climate when we are all working from home more, to get into the habit of making these tips your normal practice. You never know when cyber criminals will strike but if you and your team are following these simple steps, then you are making it safe to go about your business online.
Greystone: Making sense of IT and software solutions.