Cyber Security: Phishing
Spotting a fake incoming email
Phishing is one of the most common methods of cybercrime. Here a few things to look out for to keep us safe from scam emails…
Email Address
The simplest way to tell if an email is legitimate is to review the email address. Legitimate organisations typically send from their email address using their company domain name after the “@” symbol. For instance: info@twitter.com
It may seem obvious, however if the content of an email looks legit but you are unsure if it is a scam email, scrutinising the email address is a good way to judge if the email is from a trustworthy sender.
Some cyber criminals are buying specific domains that look like well-known brands to trick us into thinking they are real, making it more important than ever to take the time to double check the email domains displayed.
At first glance they might seem real enough, but there will be a small difference in the address, such as an incorrect number or character. Using the email examples above, these might appear as: info@twit7er.com
If you have any doubts about a message, report this to IT and also contact the organisation directly. It is important to ensure you don’t use the number or address within the message – use the details from their official website.
Email Links
Often emails may contain links that look like a genuine URL, however when clicking on the link, it takes you to a different website address that has been compromised.
This commonly occurs within emails that suggest a service that you use has been compromised, such as your cloud service. The email sender will then offer a redirect link that looks like a genuine URL to log into your account, however the link will take you to a dangerous web address.
To avoid clicking on a compromised link, you can hover over the link within the suspicious email and view the link address, but it is best to go direct and log into your official service provider’s website, if you have any concerns that your account has been compromised. Never click on the redirect link.
Shortened URLs
Shortened URLs can look suspicious, but you can check them at sites like www.getlinkinfo.com, which will pull out the original longer link address to confirm if it is genuine or fake.
Scareware
Scareware is a malware tactic that cyber criminals use to manipulate users into doing something they do not need to do through scare techniques, such as fake time limits or termination threats. Most often scareware is used to take advantage of a user’s fear, to coax them into installing fake anti-virus software’s through pop ups or compromised weblinks in an email.
When looking to identify a scareware email, they often include a scaring subject line such as ‘Urgent’ or ‘Immediate Action Required’. The email may also ask you to click on a download link to receive an antivirus software to remove a specific threat to your device. If you have any doubts, please speak to IT before clicking on the email.
Blind Copying (Bcc)
Another oddity for watch-out for is when incoming emails have used Bcc. It seems unlikely that a trustworthy email provider would use a Bcc for a prospective or existing customer.