8. Phishing Awareness

Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a dodgy website. It is responsible for a significant number of frauds and scams, and the majority of cyber attacks start this way.

AS SUCH IT IS CRUCIAL TO UNDERSTAND THE SIGNS OF PHISHING

Phishing can be conducted via a text message, social media, or by phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly, and hide amongst the huge number of benign emails that busy users receive. Attacks can install malware (such as ransomware), sabotage systems, or steal intellectual property and money.

Take Five – Stop Fraud is a national initiative to reduce fraud including phishing. Find guidance and a quick test of your skill in spotting scams, frauds and phishing at:


Spear Phishing

Phishing emails can hit companies of any size and type, or individuals. You might get caught up in a mass campaign (where the attacker is just looking to collect some new passwords or make some easy money), or it could be the first step in a targeted attack against the company you work at, where the aim could be something much more specific, like the theft of sensitive data. In a targeted campaign, the attacker may use information about employees or the company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.


Protect Others – Report Phishing

You can report phishing to the National Cyber Security Centre (NCSC). The NCSC will analyse the suspect email and any websites it links to. They will use any additional information you’ve provided to look for and monitor suspicious activity.

If they discover activity that they believe is malicious, they may:

  • seek to block the address the email came from, so it can no longer send emails
  • work with hosting companies to remove links to malicious websites
  • raise awareness of commonly reported suspicious emails and methods used

You may be protecting lots of other people who didn’t spot the scam!


Practice!

Google’s Jigsaw branch have created a simple online phishing quiz which you can use to have a go at spotting phishing.


Examples