What is Phishing?
Criminals want to convince you to do something which they can use to their advantage.
In a scam email or text message, their goal is often to convince you to click a link. Once clicked, you may be sent to a dodgy website that could download viruses onto your computer, or steal your passwords and personal information.
Over the phone, the approach may be more direct, asking you for sensitive information, such as banking details.
They do this by pretending to be someone you trust, or from some organisation you trust. This could be your Internet Service Provider (ISP), local council, a business partner or even a friend in need. And they may contact you by phone call, email or text message. The term ‘phishing’ is often used when talking about emails.
How do I spot suspicious phishing emails?
Spotting scam messages and phone calls is becoming increasingly difficult. Many scams will even fool the experts. However, there are some tricks that criminals will use to try and get you to respond without thinking. Things to look out for are:
- Authority – Is the message claiming to be from someone official? For example, a client, your bank, doctor, a solicitor, or a government department. Criminals often pretend to be important people or organisations to trick you into doing what they want.
- Urgency – Are you told you have a limited time to respond (such as ‘within 24 hours’ or ‘immediately’)? Criminals often threaten you with fines or other negative consequences.
- Emotion – Does the message make you panic, fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
- Scarcity – Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.
- Current events – Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.
Am I a target?
Short answer: Yes. Definitely.
It’s really easy for criminals to look up anyone’s details on, for example, LinkedIn and determine that you might just be a useful target. It takes them about 10 seconds to add you to a distribution list and push out a very credible-looking email that appears to have come from exactly the kind of contact that you would expect to receive something from.
High-profile organisations aren’t the only targets for phishing scams; a simple LinkedIn search can reveal a whole network of individuals who could be targeted and fall prey to scams.
Three simple rules to follow
When a potential phishing email is reported to me and I’m asked what to do next, I always start with my three simple rules:
- If you weren’t expecting it and it looks dodgy, it probably is. Delete it.
- If it’s from someone you recognise, call them to confirm it’s genuine. If they can’t, then delete it.
- If you’re still in doubt, delete it anyway. If it turns out to be genuine, they can always send it again.
In general, when reporting a suspicious email, always include a screenshot of the email rather than the email itself. That way there’s no danger that any dangerous links will be shared around. If you do find an example, it’s a good idea to share that screenshot with everyone, so that anyone else who receives the same communication can send it to the deleted folder straight away.
The same rules apply to texts and WhatsApp or Signal messages; in fact, to just about anything.
For further reading and advice, take a look at the National Cyber Security Centre website.
Learn more about Northdoor’s anti-phishing solution that uses artificial intelligence to learn and adapt to the evolving threat, providing better protection with zero administration effort.