What is Phishing and How to Avoid It?
Phishing is a cyber-crime in which an attacker targets an individual and contacts them via email, telephone, or text message and poses as a legitimate institution. The victim is tricked into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. That information is then used by the attacker to access important accounts and can result in identity theft and financial loss.
The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center reported that American individuals and businesses lost more than 3.5 billion dollars to phishing attacks in 2019.
How to Recognize Phishing Emails
Cyber criminals launch thousands of phishing attacks per day. Scammers will use emails or text messages to trick victims into giving them personal and private information. Take the following steps to determine if an email is a phishing attempt:
- Check for spelling and grammar mistakes
- Hover your mouse over the link within the email without clicking to see the full URL and examine it for typos or suspicious characters
- Type the company’s website address directly into your browser’s address bar to see if it matches the link within the email
Learn more about how to spot malware in various situations here.
Phishing Messages Imitate Trusted Sources
Attackers will format phishing emails and text messages to look like they are from trusted individuals and businesses. These businesses include credit card companies, social networking sites, online payment apps, and online stores. Some of these imitations are meticulously executed – matching brand colors, similar imagery and familiar formatting all reinforce the perception of legitimacy.
Phishing Messages Feign Urgency
Attackers might try to trick you into clicking on a link or opening an attachment by including a message of high urgency or financial importance. They may:
- Claim they noticed suspicious activity or log-in attempts on an account
- Claim there is a problem with your account or payment information
- Request you confirm personal information
- Include a fake invoice
- Request you click on a link to make a payment
- Offer a coupon for something free
- Inform you that you are eligible for a government refund
How to Protect Yourself
Your email spam filters may prevent phishing emails from entering your inbox. However, scammers work to outsmart filters, so it is sensible to add extra layers of protection. Here are four steps you can take to protect yourself from phishing attacks.
- Protect your computer by using security software and set the software to update automatically so it can repel new security threats
- Protect your mobile phone by setting its software to update automatically
- Protect your accounts by using multi-factor authentication – multi-factor authentication makes it harder for cyber criminals to log in to your accounts if they get access to your username and password
- Protect your data by backing it up in a location that is not connected to your home network – for example, you can copy your data to an external hard drive or cloud storage
What to Do If You Suspect a Phishing Attack
If you receive an email or text message that urgently requests that you open a link or attachment, consider whether you have an account with the company or know the person that contacted you.
If no, it could be a phishing attempt. Report the email or message as spam and delete it.
If yes, contact the company or individual using a phone number or email address that you know is legitimate. Refrain from using any contact information in the email.
What to Do If You Responded to a Phishing Email
If you think a scammer has your information, go to identitytheft.gov (US) or www.actionfraud.police.uk (UK). You will be prompted to take specific steps based on the information that was stolen.
If you think you clicked on a link or opened an attachment that installed malware, contact your IT department immediately. They will likely ask you to update your computer’s software and then run a security scan in the first instance.
Kivu’s Phishing Defense Service
Does your business use Microsoft 365? If so, Kivu offers a phishing defense system that can be integrated within your email account. It allows you to report an email as suspicious with just a single click, notifying our team of experts who will then investigate it. If the email is determined to be a legitimate threat, we will inform you on how you can use proper email hygiene to protect your systems and data going forward. Contact us for more details.
For more information on managed endpoint detection and response at Kivu, download our factsheet.
We also offer a bespoke Microsoft 365 investigation service, focused on mitigating business email compromise.