Phishing is among the most common of all vulnerabilities and is the definition given to email fraud where the perpetrator sends out legitimate-looking emails that appear to come from well-known and trustworthy websites such as PayPal, eBay, MSN, Yahoo and many more.
.It brazenly disregards operating systems from Android to Windows, as clicking a fake link is platform agnostic. If s/he clicks the fake email link, their details are sent to a remote server. With your bank details, they phish your account, leaving you penniless.
Through phishing, individuals can attempt to gather personal and financial information from a recipient such as passwords, credit card and bank account numbers which can then be used for identity theft.
The email directs the user to visit a website where they are asked to update personal information, which the legitimate organisation already has.
The website, however, is an imitation of the real website and is set up only to steal the user’s information.
A ‘Watering Hole Attack’ is pretty similar to spear phishing. Attackers snoop or guess a group’s website, then infect one or more websites with malware.
How to protect yourself from Phishing:
There are numerous spoof emails/texts doing the rounds claiming to be for contact tracing, NHS donations, fines for being outside etc. Please be extra vigilant when receiving messages with attachments, links or requests for money. Also be wary of any payee whose bank details appear to have changed – contact them directly before making any payments.
If you’re not sure whether your account has been hacked, you should change the password for it as soon as you can. If you need help managing passwords, for example to make sure each account/site you use has a different one, and making sure your passwords are complex enough to deter malicious users, please contact us – we can help set you up with password management software, which is free for personal users, or at a reasonable cost for businesses where you can share passwords between users/groups.
If you receive an unexpected email which says something like your account will be shut down unless you can confirm your billing information, DO NOT reply or click on links in the email – delete it. Similarly if you see a pop-up with this request close or ignore it.
When submitting financial information through a website check the following points:
- Ensure you can see the “padlock” icon in the browser’s status bar
- The website address starts with https:// (normal website start with http://). The extra “s” means you are on a secure connection within the website.
Remember, legitimate companies will never ask for personal or confidential information in this way. If in doubt, contact the company directly and ask them for further information.