In this article, we will discuss what phishing is, how phishing attacks can lead to data breaches, why you should be careful about giving up your personal information, why you should exercise caution whenever an email tries to create a sense of urgency, and what common signs can help you spot phishing emails.
How would you define phishing?
Phishing is the use of deceptive messages to dupe victims into handing over information, money or credentials. Phishing emails utilize social engineering to deceive their victims into performing harmful actions.
Phishing attempts
A phishing email may attempt to dupe you into performing the following are actions:
- Transferring money to a cybercriminal’s bank account. This is especially a threat to staff in finance.
- Handing over sensitive, confidential or private information. This could include anything from card details to industrial secrets.
- Following a link to a fake log-in page. These fake pages are made for harvesting victims’ credentials.
- Downloading a malware-infected attachment. Many virus attacks start with infected attachments in phishing emails.
How to deal with suspicious or unexpected emails
- When you receive an email that you suspect is phishing, what should you do? You should report the email to your IT team or line manager. This helps protect your colleagues in case they have received the same or similar phishing messages.
- When you receive an unexpected email from a colleague that asks you to view an attached PDF file. What should be your course of action? Instead of viewing the PDF file to see what it’s about, downloading the attachment and scanning it with your antivirus program, or replying to the email to verify if it is genuine, you should contact your colleague. In case your colleague’s email has been compromised, you should contact them through another medium.
- Let’s say you receive an email from someone in senior management asking you to transfer money to a new bank account which will be reimbursed later. What should you do? You should not transfer the money right away. Rather contact the sender of the email over phone or in person to check if they really sent the email. You should always double check that any unexpected requests for money transfers or payments are legitimate.
- Some people believe only certain individuals are targeted by phishing emails, like finance, IT or Senior Management. What do you think? Which employees are likely to be targeted by phishing emails? The answer is simple, any employee, as anyone can provide an entry point for an attacker.
- You receive an unexpected email asking you to urgently log in to your online banking account. What should you do? Do not follow the link in the email or sign into your online banking account and do not respond to the email to check if it is legitimate. Rather check the email for potential signs of phishing before you do anything else. It’s always good to act with caution when emails try to create a sense of urgency.
- You receive an email from HR about a new holiday policy. It links you to an online document that asks you to log in with your email credentials before letting you in. What should you do? While some people would just type in their credentials, or only check that there is a green lock on the address bar, you should check that the domain of the email and log-in portal look legitimate, and if in doubt contact HR directly. This is the safe course of action.
- What’s the easiest way to avoid falling for a phishing scam? Always stopping to think when receiving an unexpected email that asks you to do something. The best way to protect yourself from phishing is to exercise caution whenever you receive an unexpected email.