How to identify a Phishing Email:
Being aware of the potential threats that arrive via your mailbox is a step towards cyber-crime prevention. What key points do you need to consider when you’re unsure?
Below are the 8 most important elements to check when you receive a suspicious email into your inbox.
Make sure you are familiar with all of them because if you receive an email with even one of them in it, the chances are it is a cyber security threat and you must NOT click or action it in any way, other than to report it.
What is a Phishing Attack and why is it dangerous?
Types of Phishing Scams
When being phishing aware, it is good to know that there are different types of phishing scams. We have outlined the main ones you should be familiar with before they happen to you, or your colleague.
GDPR Scams
Even after the implementation of GDPR, email campaigns asking users to accept a new mandatory privacy policy due to changes in legislation as a result of GDPR are still prevalent. Clicking on the URL provided, however, prompts recipients to submit personal data, including financial and account details.
Whaling Scams
This is a relatively new type of phishing email that specifically uses board meetings as an email topic to target C-level executives. The email will appear to come from the CEO and will ask board members to reschedule the meeting via a link in the email. Once the link is clicked, you have opened the door for the hackers to reach your credentials. The email may even have a subject headline or content that appears to be unique or specific to your business.
Tax Scams
HMRC scams are often used to bait phishing victims, taking the form of a promised rebate if the recipient completes a tax refund request. Clicking through to the website, which also looks legitimate, reveals a form asking for personal details in addition to bank account details.
Spoofing Scams
A spoofing scam gains an end-user's trust by imitating a known contact. If the end-user then opens the seemingly legitimate link, which often imitates a Dropbox or Microsoft SharePoint document, not only is the URL riddled with malware, but it also leads the user to a realistic imitation of the expected website. Because the site looks legitimate, the user enters their credentials, which are then harvested by hackers.
Sextortion Scams
One of the more prevalent phishing scams, sextortion sees criminals sending out emails claiming to have recordings of the recipient watching pornographic content. To give authenticity to the threat, a criminal might send a previous password of the recipient’s, acquired from a past data breach, but claiming it to be a recent hack.
Banking Scams
One perennial phishing scam comes from an email stating that a bank transaction was rejected. The victim, fearing a fraudulent transaction has been made in their name, will click on the link provided in the phishing message and leave their data vulnerable in the process.
Lottery Scams
The idea of winning the lottery is an appealing thought to most. As such, lottery phishing is popular. Offering the ability to ‘claim your prize’, lottery phishing emails typically request your name, address, bank account details, or PayPal information. Fraudsters can then sell this information on the dark web.
Child Porn Phishing Attack
This currently circulating phishing campaign is particularly dangerous – not only does the email manufacture a malicious, damaging, and costly extortion attempt by implicating the victim in possession of child pornography, but it also contains links potentially riddled with malware.
Weaponised Attachments Scams
This is a particularly dangerous phishing attack in which cyber criminals have been able to weaponise PDF attachments. Once the attachment is opened, the XML within it runs a script, bypassing security and granting the attacker remote access to the recipient’s infected PC.