How to Spot Phishing
Phishing involves attempting to trick a victim into handing over sensitive personal information (such as passwords or credit card details) by posing as a trusted entity in an electronic communication such as email or a web site. These messages are typically tailored to look like an authentic email or web site from a legitimate source and aim to get the victims to hand over valuable information, often by clicking on links provided in the message which lead to malicious sites designed to look like the genuine article.
In the past, phishing attacks have often used familiar names such as ‘ILOVEYOU’ or ‘CASHNOW’ to appear more trustworthy but attackers now use a much wider range of techniques, including using AI software that can create believable emails with proper spelling and grammar, along with public information on a target company and its executives. This makes it even harder for users to spot a fake.
The latest trends in phishing include offering energy or council tax rebates, or encouraging people to apply for ‘cost of living payment packages’ that mimic genuine government support. This type of attack is often targeted at vulnerable groups, such as those in financial hardship, according to the City of London police’s National Fraud Intelligence Bureau.
If you receive an email asking you to provide personal information or click on attachments, remember that the majority of organizations will not ask for passwords or credit card details via email and if they do, their website will usually be clearly marked as secure. Also be sure to inspect all attachments for spelling and grammar mistakes as well as looking at the full file name to see if it is consistent with what is expected of that type of file, such as a document or an executable.