What is Phishing?
4th July 2019
Phishing (noun): The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
The other heinous purpose of phishing is to use an email to infect your computer with malware. Malware is designed to intentionally interfere with your computer or mobile device’s operating system and render it, at worst, unusable or, at best, very inconvenient for you.
What to Look For – Checklist
With suspicious emails becoming more and more difficult to spot, how do you know what to look for?
We’ve prepared this brief guide to help protect you from phishing emails. If you’re in any doubt about an email’s authenticity, do not click on any links, and check it against the following points:
1 – Who’s the email from? Do you recognise the sender? It might look legitimate but hover your mouse over the name and you’ll see the actual email address – which will most likely be unrecognisable.
2 – If the email purports to be from an organisation you either have an account with, or have done business with, they may even use that organisation’s branding and logo. Compare with an email that you definitely know is legitimate and trustworthy and if in any doubt, delete!
3 – Check spelling and grammar. Legitimate emails are most likely written in a house style and spelling and grammar checked before sending. Dodgy spelling and grammar are a sure sign of malice.
4 – Is the email asking you for personal information? Do not reveal any personal information in an email. It’s not just passwords that open you up to risk – sharing any personal information like National Insurance numbers, full name, address, bank details can all be used against you. Legitimate companies would never ask for your password either in an email or on the phone.
5 – On the subject of passwords: never change your password if prompted in an email. Open a new window or tab and log in to the website the email purports to have come from and change your password that way. Never click on any buttons or links asking you to change your password.
6 – Don’t be taken in by so-called ‘urgent’ requests. Contact the company direct if you know them or have an account with them. A few minutes of time taken to check authenticity could save you a lot of trouble afterwards.
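Several points on this checklist can also be checked automatically as a first pass before a person looks at the message. The Python script below is an added example, not part of the original guide: it applies points 1, 2, 4, 5 and 6 to a raw email. The sample message, the `KNOWN_SENDERS` map and the keyword lists are constructed assumptions that you would replace with your own.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank-login.test>
To: user@example.org
Subject: URGENT: your account will be suspended

Dear custmer, please confirm your password and bank details immediately.
Click here to change your password: http://examp1e-bank-login.test/reset
"""

# Assumption: organisations you deal with, mapped to the domain they really send from.
KNOWN_SENDERS = {"example bank": "examplebank.test"}

URGENT = re.compile(r"\b(urgent|immediately|suspended)\b", re.I)
PERSONAL = re.compile(r"\b(password|national insurance|bank details)\b", re.I)
RESET_LINK = re.compile(r"(change|reset)\s+(your\s+)?password.*?https?://", re.I | re.S)


def check_email(raw):
    """Return the checklist points that a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    findings = []
    # Points 1 and 2: the display name claims a known organisation,
    # but the address behind it is not on that organisation's domain.
    for brand, real in KNOWN_SENDERS.items():
        on_domain = domain == real or domain.endswith("." + real)
        if brand in name.lower() and not on_domain:
            findings.append(f"sender: '{name}' sends from @{domain}, not {real}")
    if PERSONAL.search(text):    # point 4
        findings.append("asks for personal information")
    if RESET_LINK.search(body):  # point 5
        findings.append("password change via emailed link")
    if URGENT.search(text):      # point 6
        findings.append("urgent wording")
    return findings


if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print("WARNING:", finding)
```

An empty result only means none of these keyword checks fired; point 3 (spelling and grammar) and the final judgement still need a human reader.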
Update your Password Policy
It is best practice for a company to have a ‘password policy’ that contains clear guidelines on passwords and how often and when they should be changed. It might seem obvious, but make sure employees are aware that passwords should be changed regularly and should never be birthdates, children’s or pets’ names, or easy-to-guess keyboard passwords like ‘qwerty’ or ‘asdfg’. Instead, urge them to use passwords that are a combination of words, numbers, symbols and upper and lower case characters.
Remember, you are always better being safe than sorry!