What are Phishing Attacks?
Phishing attacks are designed to trick you into revealing sensitive information or installing malware (including ransomware) on your devices. They are carefully crafted to look genuine and appear, on the surface, to be from a legitimate source.
Phishing methods
Mass Phishing: The most common type of attack, using little personalisation. These emails usually appear to come from a recognised service provider, like a bank or HMRC, and are cast out to a huge number of email addresses.
Spear Phishing: A targeted attack which uses found or stolen information to tailor an email for an individual or group in order to make it more convincing.
Whaling: A personalised attack aimed at figures of authority in a company, with the goal of stealing their login information. This can then be used to impersonate the individual and authorise or direct fraudulent payments.
Phishing emails
Phishing emails can often look convincing initially, but there are some tell-tale signs to look out for:
Targeted Phishing Emails
Targeted phishing emails can also appear to come from colleagues, suppliers and other close business contacts.
Vishing
Voice phishing is referred to as Vishing. Criminals make telephone calls to gain access to private and financial information.
- The caller will already have genuine information like your name, address, phone number and bank details.
- Criminals will create a sense of fear and urgency – often that your money is in danger and you need to act quickly.
- Fraudsters sometimes offer unsolicited prizes or present offers that are too good to be true.
- The phone number may be spoofed so it looks like the call is coming from a legitimate source.
- Criminals can sometimes hold your telephone line, so if you hang up and call again on the same line, you might get put straight back through to them.
- There may be fake background noise to make it appear as if the call is coming from a call centre.
Smishing
SMS phishing is similar to email phishing, but uses text messages. As with vishing and spear phishing, it can be personally targeted.
Social Media Phishing
Criminals use social media to launch attacks that aim to steal personal data, spread malware or even hijack accounts.
Criminals set up replica accounts and then contact the victim’s friends and followers to tell them that their previous account has been abandoned. They will then use messages sent from this new account to try and trick the victim’s followers into clicking on links to websites which may steal data or contain malware.
In ‘angler phishing’ attacks, scammers steal branding and create fake customer service accounts. These are then used to respond to genuine user support requests, directing the users to legitimate-looking but fraudulent, malicious websites.
Scammers will also attempt to imitate website admins with the aim of tricking people into giving up passwords and other sensitive information.
How to Stay Safe from Phishing
Be suspicious
Look carefully at any unsolicited communication, particularly if it encourages you to take urgent action or it seems out of character for the sender.
Don’t click on links or download attachments
If you suspect something is wrong, don’t engage with anything in the communication.
Contact the sender directly
Use details on the apparent sender’s official website and documentation, rather than any given in the communication, to try and ascertain the legitimacy of the message. If you are contacted on a phone, try to use a separate device to get in touch in case the line is being held.
Report any suspected phishing activity
At work, contact us here at Breakwater IT on 01603 709301 about any suspected phishing activity on your systems and we can take action on your behalf. On your home device, please contact Action Fraud at www.actionfraud.police.uk.