
Common Phishing Attacks and How to Protect Against Them

Email scams used to be relatively easy to spot. They normally had words like Winner! in the subject line, and anyone who had been taught about cybercrime, and in turn not to click on suspicious links, would see straight away that these emails were scams. Since then scammers have become highly intelligent and tech-savvy, and the potential rewards make it worth putting in the time to deceive you. Phishing attacks are becoming a fast-growing threat to SMEs.

What is Phishing?

‘Phishing’ is a method of fraud that involves tricking the victim into sharing information such as the account names and passwords for their online accounts. Scammers no longer just batch-send hundreds of emails in the hope that one will work; they precisely target their victims, and in some documented cases scammers have spent years building up trust with companies. Unfortunately, insurance companies are unwilling to stump up when the leak can be traced to a mistake made by the victim themselves.

How to Identify Phishing Scams and Protect Yourself

Spotting spear phishing scams is not always easy, but thankfully, as phishing relies on human error to succeed, vigilance and common sense form a key part of a strong defence against this threat. Here are some tips you can share with your team on how to spot the most common types.


1. Deceptive Phishing

This is currently the most common phishing technique: scammers simply send a message purporting to be from one of your genuine providers or clients, asking you to re-send personal information or to log in through a different web portal. Frequently the emails come with a sense of urgency, warning of potential charges or benefits that may be at stake.

To identify such an email, look out for generic greetings or links within the email. Legitimate companies will not ask for your personal data in this way, nor will they expect you to click on a link within an email that takes you to a log-in page.

2. Spear Phishing

It may seem simple to identify a generic email as a fake, but when phishers use existing information about you, frequently extracted from social media, it can take an eagle eye to spot an imposter.

In this case, look out for alarming threats designed to make you panic and respond instinctively. You can reduce the chances of becoming a victim by being careful what you post on social media and by ensuring that your social media privacy settings exclude the general public. Using a different password for every site also ensures your other accounts remain safe even if one does get compromised.

3. CEO Fraud

CEO fraud is targeted at anyone within a company who holds a position able to enact payments or provide vital information. As we’ve seen from the details of several high-profile cases, scammers assume the identity of an authority figure within a company and ask the business’s accountant to action a payment; again, these emails are frequently worded with a sense of urgency to make the target act instinctively.

Be sure to double-check any unusual or fishy-sounding requests, and remember the boss will be more annoyed by a million-pound scam than by an extra phone call here and there.

4. Pharming

Beyond scam emails, phishing attacks also stretch to dodgy websites. Hackers hijack a website’s domain name and set it up to redirect you to a fraudulent site where you will be asked for sensitive information.

Before entering any information online, always check the site is secure (the address will start with https:// rather than http://; note the “s”). You can also check that the site’s security certificate is valid; in most browsers this is done via a padlock icon to the left of the address.

5. Dropbox Phishing

The file-sharing giant Dropbox is a magnet for phishers. Separate scammers have sent Dropbox-style emails to internet users, asking them either to validate their account, thus compromising their security details, or to download a shared document, which will normally be a form of malware.

Two-step verification is the best way to stay secure; Dropbox supports this, as do most other sites of its kind. With 2FA enabled you generate a one-time password, either via an app on your phone or by entering a code received via text message, much like logging into your bank.

6. Google Docs Phishing

A particularly sophisticated scam, and very difficult to spot until too late. In this case the victim is invited to check out a document on Google Docs; the scammers’ fake page will be hosted on Google Drive, so everything will seem legitimate.

Again, go for two-step verification to make your system as secure as possible, but you can also look out for small clues that it may not be all that it seems, such as errors in the text of the page or in the drop-down language menu.

To recap

The aim is to make you click on malicious websites or attachments, so that you share sensitive data or download malware.

If you receive an email asking for an invoice to be paid, always check this thoroughly before sending any money – even if you recognise the sender, as spear phishing emails often look authentic.

Scammers often use email addresses that are very similar to those of colleagues or clients, with just a subtle difference in the address. Always check the email address, and look out for any uncharacteristic errors in spelling or grammar within the email itself.
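The “subtle difference in the address” check can be automated on the receiving side. The following is an added example, not part of the original post, of a small Python triage routine that compares each sender’s domain against a list of domains the organisation expects mail from: it folds common look-alike substitutions (such as “rn” for “m” or “1” for “l”) and then measures edit distance, so both the CEO-fraud and the invoice cases above would be flagged. The trusted domain list, the homoglyph table and the sample From: headers are all constructed for the example.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Domains this (constructed) organisation expects mail from.
TRUSTED_DOMAINS: Set[str] = {"example.com", "example-supplier.co.uk"}

# Substitutions that look alike in many fonts; illustrative, not exhaustive.
HOMOGLYPHS: Dict[str, str] = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalise(domain: str) -> str:
    """Fold common look-alike characters so 'exarnple.com' compares equal to 'example.com'."""
    folded = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: value such as 'Finance <ceo@example.com>'."""
    match = re.search(r"<([^>]+)>", from_header)
    address = match.group(1) if match else from_header.strip()
    return address.rsplit("@", 1)[-1].lower()


def classify_sender(from_header: str, trusted: Set[str] = TRUSTED_DOMAINS,
                    max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return ('trusted' | 'lookalike' | 'unknown', the trusted domain it matches or resembles, or None)."""
    domain = sender_domain(from_header)
    if domain in trusted:
        return "trusted", domain
    folded = normalise(domain)
    for candidate in sorted(trusted):
        if edit_distance(folded, normalise(candidate)) <= max_distance:
            return "lookalike", candidate
    return "unknown", None


def triage(from_headers: List[str]) -> List[Tuple[str, str, Optional[str]]]:
    """Classify a batch of From: header values; returns (header, verdict, matched domain) per message."""
    return [(header, *classify_sender(header)) for header in from_headers]


if __name__ == "__main__":
    # Constructed From: headers, not real messages.
    samples = [
        "Accounts <accounts@example.com>",
        "Finance Director <ceo@exarnple.com>",
        "invoices@examp1e.com",
        "newsletter@unrelated-news.org",
    ]
    for header, verdict, match in triage(samples):
        note = f"  (resembles {match})" if verdict == "lookalike" else ""
        print(f"{verdict:9} {header!r}{note}")
```

A threshold of two edits suits domains of this length; for very short trusted domains it should be lowered to one, or many legitimate senders will be flagged. In a real mail pipeline the same check belongs on the Reply-To and envelope sender as well as on From:, and it complements rather than replaces SPF, DKIM and DMARC, which catch the case where the address is exactly right but the message did not come from that domain.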

If you have been contacted out of the blue and offered a deal that seems too good to be true, it probably is.

Be aware of your social media presence.

Enable 2FA on sites that support it.