Phishing

Phishing is a form of social engineering that is based on approaches from someone you know. This is popular because those receiving the messages will be more trusting if they think they are getting a message, link or request from a friend, a relative, or an organisation. Phishing attacks often include links to ‘copycat’ websites that look legitimate, such as a bank, business, or government office, which then ask users to log in, thus revealing their passwords etc. to the hackers. The website you will be taken to may look very legitimate, with all the right logos and content. In fact, the criminals may have copied the exact format and content of the legitimate site. (See below for how to check out copycat websites.) The links might also infect your device with malware.

Popular phishing attacks

You might receive an email purporting to come from a bank or credit card provider, a government department, your school or college, a membership organisation or a website you buy from, telling you that you need to follow a link to supply some details – typically a password, PIN or other confidential information. The message might warn you that the request is urgent due to some change in systems, or that otherwise your account will be closed.

The message may ask for an update on an important project your company is currently working on, or even seem to contain information about wage increases or promotions. Often the attachment will be a simple Word document or Excel sheet, which might nonetheless contain a virus.

You might receive a message from a friend who is stuck in country X, has been robbed, beaten, and is in the hospital. They need you to send money so they can get home, and they tell you how to send the money (to the criminal).

Spear phishing is a form of hacking that involves getting a message or email that appears to come from a colleague, employee, boss etc., requesting login information or sensitive employee data, or simply asking you to open an infected attachment or click on a malicious link for more information about a new policy.

  • Never reveal personal or financial data including usernames, passwords, PINs, or ID numbers.
  • Think before you click. Hackers create a sense of urgency to make you act first and think later. When you get a highly urgent message, take a moment to be sure it is from who it’s supposed to be. The best way is to find another way to contact the person or organisation to confirm the message. If you receive an email or WhatsApp message, try calling the person over the phone instead (if it’s an organisation and you don’t know the number, google it; don’t call a number a hacker suggests). Better safe than sorry!
  • Research the source. If you’re sent a link to a website, ignore it. Instead, google the company and go to their website itself. That way there is less risk of being misdirected to a copycat website.
  • Delete any request for personal information or passwords. A bank or other reputable organisation will never ask you for your password via email or phone call.
  • Do not open email attachments or click on links in emails from unknown sources.
  • Recognise threats of financial issues, or offers that seem too good to be true, for what they really are. If you receive an email claiming to be from a lottery or a dead relative, or saying you are the millionth person to click on their site or the thousandth person to have shopped with them that month, ignore it. In order to give you your ‘winnings’, they say you have to provide bank details they can send your winnings to. Or they may ask you for ID so they can prove who you are.
  • Bargains may also be suspect. Be careful of unsolicited emails with great offers containing an urgent offer end date (for example “Buy now and get 50% off”).
  • A scam may also show up as an amazingly great deal on classified sites, auction sites, etc. The seller might even have a good rating (as part of a well-planned scheme). Those who take the bait risk getting nothing in return for their money, or being infected with malicious software and having their own contacts exploited.
  • Do not connect external drives or USB devices to your computer if you are not certain of the source. They may contain malware.
  • Do not send emails with lots of people in copy. It is better to use the 'BCC' (blind copy) box instead. That way, if one of the recipients is hacked, the other email addresses won’t fall into the hands of the hacker.
  • Even if a post or tweet seems to come from someone you trust, their account may have been hacked or spoofed. If in doubt, contact them by some other means to check if they sent it.