Email Scam – What is a Phishing Email?
What is phishing?
Phishing is a kind of scam carried out by con artists and identity theft criminals. It is specifically designed to trick you into unwittingly providing personal or confidential information, such as login details, credit card numbers, passwords and the like, which is then used to do you harm.
A special on lures, weekend charters, and The Top 10 Best Spots to Take Your Kids to Catch a Flathead. I wish they were the kind of emails I was talking about, but no, we’re talking about a different kettle of fish - phishing (confusing, I know).
“Phishing” is the term used to describe an attack where an individual tries to convince you to provide them something (such as your account credentials or money). This could be through sending you a link to a rogue website, or by attempting to convince you they’re someone else, such as the company CEO or the accounts department from one of your vendors (which can also be referred to as “Spear Phishing”).
A lot of the time, these email messages will ask you to complete a task, such as logging in to your online banking to update details, buying gift cards for clients, or paying an invoice. Every now and again, the attack relies on you starting a conversation with them over email.
Some example scenarios from phishing emails could include:
- Receiving an email from someone claiming to be your company CEO asking you to buy a number of iTunes gift cards for clients. You go out and purchase these gift cards and reply to the email confirming you’ve got them. You’ll then get a reply saying they’ve been held up and won’t be able to pick up the gift cards, so they ask you to send the gift card codes to distribute to clients. You reply with the codes, and the attacker will then claim the gift cards on their account and steal the money.
- Receiving an email that claims to be from your bank with a notice such as your account is overdrawn. It will request you click on a link to log in to your account and fix the issue. The link takes you to a page which looks like your bank’s online banking login page but is in fact a rogue website. When you enter your account details and try to log in, your account details are saved in a database, and the page defaults back to the login screen (making you think something just went wrong). Sometimes these pages will even send you to the real webpage after you try to log in the first time, so when it works fine the second time, it makes you believe the first time was a glitch. At this point, the attackers now have the details to log into your bank account.
How do I protect myself from a Phishing Scam?
Simply deleting these emails is generally all you need to do to protect yourself from this attack, but identifying a phishing email isn’t always straightforward.
How do I know if I’m facing an email scam? Some things to look out for are:
- Spelling mistakes, incorrect grammar, and/or broken English. A lot of phishing emails are originally written in another language and translated to English, so if you see sentences that just don’t read correctly, this is a big sign that the email isn’t legitimate.
- Different tone or writing style to usual. If the email is claiming to be from someone you know or a company you work with, but it doesn’t read the same way as your usual emails from this person or company, then it is likely not from them.
- Weird links. If the link doesn’t look like it normally does, like ebayonline.com instead of ebay.com, then it is likely a rogue website. Additionally, a lot of companies, such as banks, will never include links in their emails, and will instead direct you to browse to their website.
Finally, if you’re not sure, ask! Reach out to the company or person the email is from on the phone, or contact your Technical Support team to have a look at the message for you. It never hurts to ask!
Help, I’ve been Phished!
If you feel you may be a victim of a phishing scam and don’t know what to do next – contact us and one of our cyber security experts at Cloudwize can help you today.