Phishing is a popular form of cybercrime because of how effective it is. Cybercriminals will regularly send targeted emails and SMS/text messages to individuals to get people to respond with their personal or confidential information.
The best defence is awareness and knowing what to look for.
It's OK to be safe
Phishing attacks are common and routine - it's OK to err on the side of caution, and question the legitimacy of any email sent to you. If in doubt, call the person who sent you the email or SMS to validate the legitimacy, or contact the IT Service Desk.
Some methods to recognise phishing emails
- Suspicious links or unexpected attachments - the links that appear in an email body may go to somewhere unexpected, always rest/hover your mouse over any links which will reveal the real web address and don't click any suspicious links.
- Urgent call to action or threats - be suspicious of any email that claim that you must click, call, or open an attachment with urgency. A common attack method is to claim something is time sensitive creating a false sense of urgency. Whenever you see a message calling for immediate action, pause, and look carefully at the message - are you sure it's real? Slow down and be safe.
- First time or infrequent sender - whilst it's not unusual to receive an email from someone new for the first time, especially if they are outside your organisation. New senders can be a sign of phishing campaign, so take a moment and examine the email carefully.
- Mismatched email domains - if the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like gmail.com, or microsoftsupportteam.ru or nabbank.com - it's a scam. Also be watchful for very subtle misspelling of the legimate domain name, like micr0soft.com
Related articles