By Amelia McGuigan (Cyber Security Student).
After the fifth text message this week inviting me to click on a suspicious link, I decided to dig a little deeper into how to avoid phishing attacks. We are continuously warned not to click on mysterious links in emails and texts, yet it only takes a momentary lapse of judgement or a well-put-together phishing email to trip us up. Phishing emails come in trends: fraudulent government tax rebates, phony bank messages and, most recently, false coronavirus vaccination offers. They rely on the messages having some relevance to our recent online activity or on scaring us into making snap decisions.
Phishing vs Spear Phishing
Phishing is varied and sometimes targeted. Attackers send out messages to thousands of recipients, aiming to mislead individuals into giving away bank details or personal information, or to infect our devices with malicious software. On your work device you may find similar emails, but the motive is different. Spear-phishing is a targeted attack: a hacking organisation may try to gain access to a company’s network via an employee device or trick you into paying a fake invoice.
Tips to avoid being a Phishing Victim
Here are 3 tips to avoid phishing attacks on your personal devices.
Tip 1: If you are sceptical, go directly to the website. For example, if you receive a message from your bank stating you have made a transaction or from an online retailer asking for a confirmation of a payment method, open a new tab and log in to the official website directly. Never click the link, even if it looks legitimate.
Tip 2: Check the ‘sent from’ email address. If an email address starts with a long list of numbers and letters followed by an irrelevant domain (the name after the ‘@’ symbol), it’s highly unlikely the sender is genuine. Sometimes phishing attackers hide their email address by modifying their contact name to be more believable, but a closer inspection of contact information can reveal a lot more about a sender.
Tip 3: If you click a link, do not panic! It is rare for the link itself to infect your device immediately; it’s usually the actions you take afterwards that can cause a problem. Even if you have mistakenly entered your personal or bank details, call the bank and change any relevant passwords to help rectify the situation. But make sure to monitor your accounts afterwards and notify work if you were using a company device.
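The sender checks from Tip 2 can be written down as a small script. This Python sketch is an added example, not part of the original article; the `TRUSTED` brand list, the thresholds in `looks_random` and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: brands you deal with and the domains they really send from.
TRUSTED = {"example bank": {"examplebank.example"},
           "parcel express": {"parcelexpress.example"}}

def looks_random(local):
    """Long mailbox name that mixes many digits with letters."""
    digits = sum(c.isdigit() for c in local)
    letters = sum(c.isalpha() for c in local)
    return len(local) >= 12 and digits >= 4 and letters >= 4

def domain_matches(domain, allowed):
    """True for an allowed domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no usable sender address"]
    warnings = []
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower()
    if looks_random(local):
        warnings.append("random-looking mailbox name")
    for brand, allowed in TRUSTED.items():
        if brand in name.lower() and not domain_matches(domain, allowed):
            warnings.append(f"name claims '{brand}' but domain is {domain}")
    # A contact name that itself shows a different address is a disguise.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr.lower():
        warnings.append("contact name shows a different address")
    return warnings

# Constructed sample headers (not real messages).
SAMPLES = [
    '"Example Bank" <alerts@mail.examplebank.example>',
    '"Example Bank Security" <x9f3k27qa81zz04@cheap-offers.example>',
    '"support@examplebank.example" <billing@unrelated.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```

An empty result only means none of these signs were found; it does not prove the message is genuine, so Tip 1 still applies.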