COLUMN: Phishing – think before you click!

by Stuart Brown
Cyber security expert

Phishing emails are online scams that rely on you, the reader/end-user, being tricked into doing something without thinking about it. They can take many forms, and the ingenuity these days knows no bounds, as scammers are now researching their potential victims in far more detail than ever before.

Phishing, vishing and smishing can involve luring you to a false website, enticing or threatening you into making a call for payment, or sending an engaging email or SMS text message for some purpose or other.
They can be targeted at individuals – which has largely been the case in the past – but are now being what’s called socially engineered to target multiple employees in businesses and organisations with a specific type of scam or phish, for greater pickings inside your company network.

The scammers are after money directly via phone or online, or additional personal details, e.g. bank account details, date of birth, family members etc. More sinister now, they may include what’s called a payload – a small amount of programming code that can embed itself in your computer, tablet or smartphone to allow an attacker inside your home or business network. You may not realise that a PDF, MS Word document or JPEG image file attached to an email with an offer voucher, free advice or other juicy enticement contains something sinister.

Supposed fines, such as for parking or speed cameras, or late “payment penalties” with links or phone numbers to “pay now” are also common. See the image of an email phish I received recently – on the surface it looks legitimate enough, and I admit I had to read it three times or more to realise it was a phish. The penny dropped when I searched for my car registration number and didn’t find it.

The average time a computer or network has been compromised is 210 days BEFORE someone discovers it! Yes, it’s true, 210 days – think about what an unauthorised intruder can learn in that amount of time on all of your devices.

So, be vigilant – something that is free or sounds too good to be true is not all it seems. Be very careful opening ANY file attachments to emails or clicking on any links. Search for the phone numbers online to verify mobile or landline numbers. Make sure your internet security anti-virus/malware software is up to date and THINK before you click. If in doubt about an email, phone call or SMS message, call Action Fraud on 0300 123 2040.
