In today’s digital age, cybercrime is very much a concern both to individuals and corporations. One form of cybercrime that I have been seeing a lot of lately is phishing. Indeed, around 83% of organisations were subjected to a phishing attack last year. Phishing is where scam emails, messages or calls are used by cybercriminals to trick their victims, often with the aim of having that individual click a malicious link.
Phishing is a method used by fraudsters to obtain sensitive personal information, and can have many adverse consequences including:
- Identity theft;
- The installation of malware on a device; and even
- A full-scale hacking of systems.
Cybercriminals are clever and innovative, and phishing attempts are becoming more and more sophisticated. Nowadays, companies often have systems in place to identify and prevent cybercriminals from infiltrating their systems. As an individual, you can prevent phishing attacks by simply being able to identify a malicious email. Here are some red flags to consider when you receive an email that you think could potentially be a phishing attempt:
For example, the CEO of the company you work for is called John Smith and his email address is [email protected]. You receive an email from John Smith, who asks that you “urgently” assist him with an important task which requires you to download a bundle of documents from a shared link, which he provides to you in the email. This is strange, as John never contacts you directly. You also notice that John’s email address does not appear to be correct – it is listed as [email protected].
While subtle, this would be a clear example of a phishing attempt. Therefore, you should delete the email and report it to your company’s IT department as soon as possible.
Much like the example above, phishing messages often contain a sense of urgency. Many scams require individuals to “act now”. This is usually present when one receives an email from an address purporting to be PayPal or Netflix, requesting that a user urgently updates their account details or else they will: a) be charged; or b) have their account closed. The email would usually also contain a link for the individual to follow.
As with John Smith, phishing attempts often appear to come from people of authority, whether that be the CEO of the company you work for, your boss, or even a government official. Exercise caution when receiving communications from such individuals.
Another common method used by fraudsters is to contact individuals via a text message which includes a malicious link. For example, you may receive a text message from “Evri” stating that your parcel is being held at a depot and you need to pay £1.50 to have it delivered. The text message contains a link that will take you to the payment page requiring you to input your card details. However, whilst the sender is marked “Evri”, you notice that it has come from a mobile number, starting with “07”.
This example is most certainly a phishing attempt, particularly in regard to the request for payment. It would be extremely unusual for a company (such as Evri, or RBS) to send a standard message from a mobile number, as well as to request payment of such a small sum.
The overall takeaway is to be aware that phishing scams exist and are very much prevalent. Always cast a second eye over communications you receive and trust your gut instinct. Even if the communication is in fact legitimate, as the old saying goes, it is much better to be safe than sorry.