In light of January’s targeted attack on the University, we’d like to remind everyone to be on their guard against phishing email.
What can we do to protect ourselves?
Firstly, stop and think.
The best defence against phishing is to look carefully at all messages, even if you think you know who the sender is.
Take your time and look for phishing clues.
- Be suspicious of ‘call to action’ buttons or links – for example, ‘click me’ or ‘verify now’ – or attachments. Don’t click on them if you’re at all unsure.
- Before you click on any link, hover your cursor over it to reveal where it will really take you. (On mobile devices, press and hold gently.)
- Be suspicious of unsolicited emails. If it sounds too good to be true, it probably is!
- Know who the sender is. If you’re not sure, contact the sender in some other way.
- Don’t be thrown by scare tactics – for example, the threat of repercussion if you don’t act immediately.
- Be particularly wary of responding to email on your mobile. The mobile interface conceals many of the red flags that might otherwise highlight a potential phishing attack.
- When in doubt, throw it out!
- Never reveal sensitive information such as bank account or other personal details.
Think you know how to spot a phishing email?
Take Google’s phishing quiz and find out!
What is phishing and how does it work?
Phishing is a form of identity theft that exploits our tendency to trust. It’s not new – it’s been around in one form or another since the mid-90s – but attacks are becoming increasingly sophisticated and can be difficult to spot. Phishing works because we continue to fall for it.
Scammers send us fake emails that appear to come from a reputable organisation, colleague or friend. These can be extremely convincing, tricking us into divulging confidential personal information such as credit card details and passwords. January’s attack on the University was made all the more convincing by the use of email subject lines that were relevant to the recipients.
Author: IT Security Team