How to Spot a Phishing Attack


Although you may think that spotting a phishing email is as easy as, well… spotting the difference between these two fishing images below, the attacks are becoming more sophisticated and harder to identify. Kyle, our General Manager and resident fisherman, is here to tell you about the different types of phishing, and how you can avoid falling hook, line and sinker for them!


Below are 3 different types of phishing that you need to be aware of: 

1. Phishing with Contacts

This is the most common type of phishing, in which a criminal pretends to be one of your recognized contacts and asks you to verify information or make a payment. Criminals will research your social media, track your online behaviour and collect personal details to make the email sound legitimate.

Another common trick will be to resend or clone an email that you have just received from one of your contacts, claiming that the link isn’t working, or an attachment was missing. When clicked, these links can insert malware onto your device that gives the hacker access to your computer or open up websites for further malicious intent.

A very common phishing attempt we see is an email asking you to renew your website domain, or claiming that a Chinese company has bought it and you need to “click on the link” to verify it is yours… don’t fall for it, check with us first!

Common contact scams include:

Tech Support Phishing:  These scams are tech support emails that recommend you install software on your computer to “fix” malware/speed/storage issues. Once clicked, these malicious links install the malware instead.

Clone Phishing: This is when hackers create almost identical copies of real emails you have received from your legitimate friends and contacts to trick you into sharing your private information. A common trick will be to resend or clone an email that you have just received from one of your contacts, claiming that the link isn’t working, or an attachment was missing. When clicked, these links can insert malware onto your device that gives the hacker access to your computer or open up websites for further malicious intent.

Spear Phishing:  This is when a company or individual is targeted specifically. Criminals will research your social media, track your online behaviour and collect personal details to make the email sound legitimate.

Whale Phishing: Whale phishing refers to attacks directed at the big “phish”, that is, senior management, chief executives, and wealthy or prominent individuals. Again, criminals try to trick the big phish into giving away their personal information.

How to avoid this sort of phishing? 

  • Look at the sender’s name AND email address,
  • Look out for generic greetings, spelling or grammatical errors,
  • Be suspicious of any unexpected attachments or links within the email, which you don’t normally get from the sender,
  • Before clicking a link in an email, always hover your mouse pointer over the link to verify the URL first.
Look out for fake email addresses and malicious links when you hover on them.
An example of a phishing email pretending to be from Standard Bank. 1) The header is misaligned. 2) They are asking you to click on a malicious link. 3) They are asking you to share your OTP. No bank will ever ask you to do this. We will never request your OTP. 4) They have used outdated branding.
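
The sender, greeting and link checks from the list above can also be run by a script. The following Python is an added example, not part of the original article; the sample message, its placeholder domains, the `trusted_domains` list and the function names are all constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not a real email; every domain is a placeholder.
SAMPLE = """\
From: "Example Bank" <alerts@examp1e-bank.example.net>
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Confirm your OTP: <a href="http://login.example-bank.com.verify.example.net/otp">https://www.example-bank.com/login</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, read back at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(raw, trusted_domains):
    """Return warnings for the sender, greeting and link checks listed above."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    # Check the address itself, not only the display name shown in the inbox.
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in trusted_domains):
        warnings.append(f"sender '{name}' uses unrecognised domain {domain}")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    if "dear customer" in body.lower():
        warnings.append("generic greeting")
    collector = LinkCollector()
    collector.feed(body)
    # The scripted version of hovering: compare the URL shown with the real target.
    for href, text in collector.links:
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = urlparse(text if "//" in text else "//" + text).hostname
            target = urlparse(href).hostname
            if shown != target:
                warnings.append(f"link shows {shown} but opens {target}")
    return warnings
```

Calling `check_email(SAMPLE, ["example-bank.com"])` flags the look-alike sender domain, the generic greeting and the link whose visible URL differs from its real destination.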

2. Phishing with Coffee

A malicious WiFi network is set up disguised as a trustworthy network e.g. in a coffee shop, or shopping centre. Once you connect to this network, hackers can steal account credentials and corporate data.

How to avoid this:

  • When connecting to unsecured WiFi networks, avoid accessing private accounts or use a VPN to secure your connection. We recommend using TunnelBear as it is cost-effective and user friendly. We can also help secure your home WiFi networks to minimise your chance of being hacked.

3. Social Phishing

The scammer trawls through social media to find people complaining on big company accounts, such as a retailer or bank… and there are usually many of those! The criminal then pretends to be a customer service representative from the company – either on email or through social media – who wants to “resolve” the issue, and tricks you into giving your account details.

How to avoid this:

  • Be very careful about handing over your account information, especially PINs and password resets.
  • If it seems unusual, it is best to check directly with the company through another channel, e.g. email or a phone call, to verify before handing over your information.

Due to the pandemic, which changed most people’s working environments and increased the time spent online and on social media, phishing attacks rose by 350% last year! Knowing what to look out for and being extra cautious is a solid line of defence; however, we at AmbroseIT offer a host of tools and safeguards to deter phishing before it even hits your business’s inbox. Chat to us today about how we can tighten your online security to protect you and your company.
