Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals regularly send targeted emails and SMS/text messages to individuals to try to get them to give out personal or confidential information, including credit card information, usernames and passwords, or other sensitive information.
The best defence is awareness and knowing what to look for.
Info: Phishing attacks are common and routine - it's OK to err on the side of caution and question the legitimacy of any email sent to you. If in doubt, call the person who sent you the email or SMS to validate its authenticity, or contact the IT Service Desk.
Some methods to recognise phishing emails
- Suspicious links - the links that appear in an email body may go somewhere unexpected. Always rest/hover your mouse over any links to reveal the real web address, and don't click any suspicious links.
- Unexpected or suspicious attachments - Word documents are regularly used to spread malware and viruses. If you receive an unexpected or suspicious attachment, do not open it.
- Urgent call to action or threats - be suspicious of any email that claims that you must click, call, or open an attachment with urgency. A common attack method is to claim something is time sensitive, creating a false sense of urgency. Whenever you see a message calling for immediate action, pause, and look carefully at the message - are you sure it's real? Slow down and be safe.
- First time or infrequent sender - it's not unusual to receive an email from someone new for the first time, especially if they are outside your organisation, but new senders can be a sign of a phishing campaign. Take a moment and examine the email carefully for suspicious links, and check what the sender address is.
- Mismatched email domains - if the email claims to be from a reputable company, like Microsoft or your bank (NAB), but the email is being sent from another email domain like gmail.com, microsoftsupportteam.ru or nabbankthenabbank.com - it's a scam. Also be watchful for very subtle misspellings of a legitimate domain name, like micr0soft.com ("0" instead of "o") or naab.com.au (the NAB business name doesn't have a double "a").
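The domain comparison from the last item, as an added Python example (not part of the original page): it compares the sender's domain with the domain of the organisation the email claims to be from. The sample addresses, the HOMOGLYPHS table and the assumption that nab.com.au is the bank's legitimate domain are constructed for illustration.

```python
# Added example: compare the sender's domain with the organisation an email claims to be from.
# Digit-for-letter swaps used in look-alike domains (constructed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address):
    """Lower-cased domain of 'user@domain' or 'Name <user@domain>'."""
    return address.rsplit("@", 1)[-1].strip().rstrip(">").lower()


def classify(address, claimed):
    """Return 'match', 'lookalike', 'brand-in-name' or 'mismatch'."""
    domain = sender_domain(address)
    if domain == claimed or domain.endswith("." + claimed):
        return "match"
    # At most one edit away after undoing digit swaps: micr0soft.com, naab.com.au
    if edit_distance(domain.translate(HOMOGLYPHS), claimed.translate(HOMOGLYPHS)) <= 1:
        return "lookalike"
    # Brand name embedded in an unrelated domain: microsoftsupportteam.ru
    if claimed.split(".")[0] in domain:
        return "brand-in-name"
    return "mismatch"


# Constructed samples: (From address, domain of the organisation named in the email).
# nab.com.au is assumed here to be the bank's legitimate domain.
SAMPLES = [
    ("Microsoft <account@microsoft.com>", "microsoft.com"),
    ("security@micr0soft.com", "microsoft.com"),
    ("alerts@naab.com.au", "nab.com.au"),
    ("help@microsoftsupportteam.ru", "microsoft.com"),
    ("microsoft.support@gmail.com", "microsoft.com"),
]

if __name__ == "__main__":
    for address, claimed in SAMPLES:
        print(f"{classify(address, claimed):14} {address}")
```

This checks only the visible sender address, which can itself be forged, so a "match" result does not prove the email is genuine.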
How to report a phishing email
...