Have suspicious-seeming emails landed in your inbox? Maybe they say they’re from a trustworthy sender, but they have incorrect spelling and grammar or they’re pressuring you to take action immediately. If you’re sensing red flags, you’d be right – these are phishing emails sent by cyber criminals to steal your sensitive information. This common cyber threat can have a serious impact, including data and financial loss or identity theft, and with over three billion sent daily, they’re a scam you need to look out for.
Today, the Lateral Plains crew have compiled a comprehensive guide to spot this threat, including the different forms, how you can identify them, and how our Ballarat-based MSP can help local businesses stay safer online. Let’s jump into it.
What is a Phishing Attack?
Cyber criminals use phishing attacks to manipulate users and capture personal information including passwords, financial details, and more. Hackers try to appear trustworthy by posing as a reputable organisation (commonly impersonated brands include Google, Amazon, Microsoft, and Apple – though they could also impersonate your bank or a brand you interact with) and often use a false sense of urgency to prompt action such as clicking a link or attachment, or providing sensitive data. This sense of urgency can lead to people acting before they’ve taken time to consider whether the email, text message, or call is legitimate.
Successful phishing attacks can result in victims clicking a malicious link, installing malware, revealing financial details (such as credit card details or internet banking login credentials), or providing personal information. They can lead to data breaches, with more than 30% of breaches involving this scam.
So, how are phishing scams impacting Australians? In 2023, the Australian Competition and Consumer Commission’s ScamWatch saw 108,626 phishing scams reported with losses totalling $25,898,114. Today, it’s more important than ever to build your cyber security awareness so you can spot this threat.
Phishing Attack Forms
While emails are the most common form, there are other methods you and your team should be aware of. These include:
Smishing and Vishing:
We’ve briefly mentioned smishing (SMS phishing) and vishing (voice phishing) already. These take the form of fraudulent text messages or calls. Smishing messages typically prompt the recipient to click on a malicious link, whilst vishing calls and voice messages can employ voice-changing technology to trick people and appear more legitimate.
Spear Phishing:
These threats are more targeted than a phishing email, requiring cyber criminals to research individuals and businesses using publicly available information (this might include profiles on social media or a company’s website) to personalise communication. Spear phishing attacks prioritise quality over quantity, and are often more successful than phishing emails.
Whaling:
This threat is like spear phishing in that both prioritise a personalised approach. However, whaling attacks specifically target C-level executives or staff in senior positions. Cyber criminals impersonate other senior staff members, which creates a false sense of trust. These attacks can lead to financial loss, the installation of malware, or cyber criminals gaining access to company networks.
How to Spot a Phishing Email
Ready to spot this threat and stay one step ahead of cyber criminals? Our nerd herd have rounded up their top tips below.
1. They use a sense of urgency
This tactic is a form of social engineering, and is used to panic the recipient and prompt immediate action. This means you’re less likely to notice red flags or consider the legitimacy of the communication.
2. The email is requesting sensitive information
If the sender is asking, unprompted, for personal data, or trying to direct you to another site to confirm sensitive data (such as financial details or login credentials), it might be a phishing email.
3. It includes bad spelling and grammar
Frequent spelling mistakes and grammatical errors are a common giveaway for phishing emails. However, with today’s AI capabilities, we can expect the content of phishing emails to become more sophisticated.
4. It’s sent from a different email domain
Cyber criminals use fake domains similar to the company they’re impersonating, allowing them to trick unsuspecting victims. If the email seems suspicious, you can check any previous communication from the company or check their website to verify the domain.
5. There’s no personalisation
If the communication is from an organisation you’ve interacted with before, they’ll know your name and will likely personalise emails. Watch out for generic greetings, which could be an indicator of a fraudulent email.
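The domain check from tip 4 can be automated at a mail gateway or in a triage script. The sketch below is an added example, not part of the original guide: it compares a From header's domain against domains seen in earlier, known-good correspondence and flags near-miss spellings. The allowlist, the sample addresses, and the edit-distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allowlist: domains taken from earlier, known-good correspondence.
KNOWN_DOMAINS = {"microsoft.com", "amazon.com", "examplebank.com.au"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, known=KNOWN_DOMAINS, max_dist=2):
    """Return (verdict, matched_domain) for a From header value."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", None)
    # Exact match, or a genuine subdomain of a known domain.
    for good in known:
        if domain == good or domain.endswith("." + good):
            return ("known", good)
    for good in sorted(known):
        # Near-miss spelling, e.g. one substituted or swapped character.
        if edit_distance(domain, good) <= max_dist:
            return ("lookalike", good)
        # Trusted name used as a label inside an unrelated domain.
        brand = good.split(".")[0]
        if brand in domain.replace("-", ".").split("."):
            return ("lookalike", good)
    return ("unknown", None)
```

A "lookalike" verdict is a reason to quarantine or warn; an "unknown" verdict only means the sender has no history with you, so the other tips still apply.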
How Our Nerd Herd Can Help
Want to stop your team from opening and falling for these scams? Our Ballarat-based MSP can support you with a complete Security Awareness Training solution. This takes the form of engaging videos, interactive lessons, and simulated phishing email campaigns so your team can learn to spot and avoid common threats and stay on top of best practices. Ready to get started? Get in touch with us here, and we can discuss how this service will support your cyber resilience.