Is your business at risk from information thieves? Derby Hub member Owen at Code 56 explains the dangers of ‘phishing’ and how to prevent it from happening to you.
Phishing (pronounced “fishing”) is a type of social engineering attack, where the attacker sends people some “bait” (hence the name) to trick them into exposing information, like passwords.
Normally the initial contact is delivered by a fake (spoofed) email or instant message (IM – like Skype) that looks legitimate at first glance and can be tricky to spot. Generally, the message is short and to the point, with a link or attachment for the victim to click on. Clicking on this sends the victim to a fake page that can look exactly like the proper site. Once on the site, any details entered (like passwords) get sent back to the attacker. Normally the link has been shortened to something like https://goo.gl/S1D18o to obscure what hides behind it. (Don’t worry – that one just links to our own website!)
The most common attacks fake a password reset in order to trick people into providing their password. Once the attacker has a password they will try to gain access to other services such as PayPal or Online Banking.
Another common phishing attack aims to trick the recipient into thinking the email has come from their boss, such as the CFO or CEO, and instructs them to make a payment urgently. There have been a few high-profile cases of this recently.
Unfortunately, it’s pretty difficult to prevent well-written phishing attempts from getting through to people. The only real way to avoid falling victim is to stay vigilant. Here are 4 tips to prevent data thieves stealing from your business:
- Don’t click on links or open attachments from email addresses you don’t recognise
- Don’t click on “forgotten password” or “account setup” emails if you’ve not asked for them
- Check that the web address (URL) matches what you expect (e.g. when resetting a Facebook password, the site name at the beginning of the address, before the first slash, should be “facebook.com” – not merely appear somewhere later in the address)
- Phone the person you think has sent you instructions before following them
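The third tip is the one people most often get wrong by eye, because a look-alike address can contain the expected site name without actually belonging to it. The following Python script is an added example, not code from Code 56 or from this article; it pulls the links out of a constructed sample email and checks each link’s actual host against a small allow-list of expected domains (the allow-list and the list of shortener hosts are assumptions for the example, as is the sample message). The point it demonstrates is the difference between “facebook.com appears in the address” and “the address really belongs to facebook.com”.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Services the business legitimately logs in to. Constructed allow-list for
# this example; a real deployment would list its own providers.
EXPECTED_DOMAINS = {"facebook.com", "paypal.com"}

# A few well-known link shorteners (the article's own example uses goo.gl).
# Constructed list for the example; shortened links hide their destination,
# so they are flagged rather than trusted.
KNOWN_SHORTENERS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}

# Matches http(s) links in plain-text message bodies.
LINK_RE = re.compile(r"https?://[^\s<>\"')]+")


def hostname_of(url: str) -> Optional[str]:
    """Return the lower-cased host of a web link, or None if it is not one.

    urlsplit().hostname strips any "user:password@" prefix and any port, so
    "https://facebook.com@evil.example/" yields "evil.example", which is
    where the browser would actually go.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. malformed IPv6 brackets
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname
    if not host:
        return None
    return host.lower().rstrip(".")


def matches_expected_domain(url: str, expected: str) -> bool:
    """True only if the link's host is `expected` or a subdomain of it.

    A substring test ("facebook.com" in url) is what a hurried reader does
    and is exactly what look-alike links exploit, so this checks the label
    boundary instead: "www.facebook.com" passes, "facebook.com.evil.example"
    and "evil.example/facebook.com" do not.
    """
    host = hostname_of(url)
    if host is None:
        return False
    expected = expected.lower()
    return host == expected or host.endswith("." + expected)


def classify_link(url: str) -> str:
    """Label a link as 'expected', 'shortener', 'unexpected' or 'not_web_link'."""
    host = hostname_of(url)
    if host is None:
        return "not_web_link"
    if any(matches_expected_domain(url, d) for d in EXPECTED_DOMAINS):
        return "expected"
    if host in KNOWN_SHORTENERS:
        return "shortener"
    return "unexpected"


def links_in_message(body: str) -> List[str]:
    """Extract every http(s) link from a plain-text message body."""
    return LINK_RE.findall(body)


def report(body: str) -> Dict[str, str]:
    """Map each link in the message to its classification."""
    return {url: classify_link(url) for url in links_in_message(body)}


# Constructed sample of a "password reset" style message, using reserved
# example domains for the look-alike links.
SAMPLE_EMAIL = """Your Facebook password was reset. If this wasn't you, confirm here:
https://facebook.com.evil.example/reset
Or use the short link: https://goo.gl/S1D18o
Genuine help page: https://www.facebook.com/help/
"""

if __name__ == "__main__":
    for link, verdict in report(SAMPLE_EMAIL).items():
        print(f"{verdict:12} {link}")
```

Run as a script it prints one verdict per link in the sample; the look-alike host is reported as unexpected even though the string “facebook.com” sits right at the start of it, which is the case a reader checking by eye is most likely to miss.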