Preventing Phising attacks

Protecting yourself and your company from phishing attacks.

What is Phishing

Phishing is a form a crime where the primary goal is to gain access to information by taking advantage of peoples natural trust and is a leading cause of data breaches.

A typical example of a phishing attack is where attackers send out unsolicited emails to victims usually with some urgency or with promises that are generally too good to be true.

More information is available from Phishing.org

Avoiding Phishing Attacks

Phishing can be completely avoided by approaching all emails and communications with a zero trust approach. This means that when you get an email or message you do not trust the information, contents, attachments, or links. This method of not trusting anything is somewhat impractical, since there are perfectly reasonable uses for emails or messages.

The Compromise

The compromise is to build trust in the sender by investigating the email or message. Consider all of the following before trusting it:

Try to view the email or message dispassionately.
Who is the sender: Do you know them? Is someone impersonating them? Is the address using non-ACKII characters when they should not? Copy and Paste the email here to find out if there are non-ASCII characters.
Does the message contain a sense of urgency?
What time was it sent
What is the spelling, punctuation, and grammar like? Could they be using a translation app?
Does it have attachments? Should it have attachments?
Are there links that when hovering over them, a different link shows up in the bottom left of the screen. (do not click on it to do this)
Does it have any personal information like your name, a code word, section of a card number, or postcode? All UK banks will add something identifiable like this.
Do you still have a bad feeling about it? Intuition is not scientific but if after all these tests and you are not confident then do not trust it.

There is no end to the creative attempts at phishing, this is not an exhaustive list but should significantly reduce the odds of falling victim to a phishing attack.

More information is available from the National Cyber Security Center.

Test your knowledge

Question 1

What are attackers trying to access with phishing?

Question 2

What is the name of the appropriate approach to unrecognised emails or messages?

Question 3

What should you check for in the senders email address?