Phishing is one of the most common online threats. It is the name given to email fraud where the perpetrator sends out legitimate-looking emails that appear to come from well-known and trustworthy organisations, anything from PayPal, Microsoft or Google to BT, Virgin, HSBC and Royal Mail.
It doesn’t matter whether you are on a PC, Mac or phone – if you respond or click on embedded links, they will try to get relevant details about you so that they can, for example, access your bank account or get you to transfer money to them. If you receive any such unsolicited or worrying emails, don’t respond to them; instead, contact the organisation they claim to be from (e.g. your bank) directly on a known telephone number (look it up, or use the number on your bank card), and confirm with them whether there is actually a problem.
Often, the phisher (the person who sent you the fraudulent email) will direct you to a website where you might be asked to update personal information, or to download and install software that gives them control of your computer. It might seem very genuine, and often they will already have some of your personal information.
How to protect yourself from phishing:
There are numerous spoof emails and texts doing the rounds claiming to be about contact tracing, NHS donations, fines for being outside, etc. Please be extra vigilant when receiving messages with attachments, links or requests for money. Also be wary of any payee whose bank details appear to have changed – contact them directly before making any payments.
For example, this can happen in a legitimate email exchange where one of the parties has had their email account hacked. You might have started a conversation with a known contact about, say, a bank transfer for an investment or purchase. The conversation goes back and forth for a while, and then the other party sends a request for payment details to be filled in, or asks you to pay into a particular account. If at this point you are transferring a large amount to a new account number, you should call (not email) the other party and confirm the bank details, as a fraudster may have hijacked the email exchange and inserted their own details. We have seen this happen many times, with unfortunate results.
If you’re not sure whether your account has been hacked, change its password as soon as you can and, where practical, switch on multi-factor authentication (ask us about this). If you need help managing passwords, for example to make sure each account or site you use has a different one, and that your passwords are complex enough to deter malicious users, please contact us – we can set you up with password management software, which is free for personal users, or available at a reasonable cost for businesses where you can share passwords between users or groups.
If you receive an unexpected email saying something like your account will be shut down unless you confirm your billing information, DO NOT reply or click on links in the email – delete it. Similarly, if you see a pop-up with this request, close or ignore it.
When submitting financial information through a website check the following points:
- Ensure you can see the “padlock” icon in the browser’s status bar
- The website address starts with https:// (ordinary websites start with http://). The extra “s” means your connection to the website is encrypted; on its own it does not prove the site is genuine, so also check that the address is the organisation’s real one
- Double check the bank details directly with the organisation before transferring or authorising any large amounts
Remember, legitimate companies will never ask for personal or confidential information in this way. If in doubt, contact the company directly and ask them for further information.
If your business has experienced a phishing attack or you would like more information on how to stay protected, please get in touch with us at Tabard IT on 0131 339 9448 and find out how we can help with your business IT security.