How to not get caught in a phishing attempt


Looking to improve your personal or organisational cyber hygiene? Follow these tips and tricks to avoid getting caught in the net.

Phishing attempts, that is, efforts by malicious characters to target other people via communication platforms such as email, text and phone calls, are becoming increasingly common. Research suggests that phishing is currently the most common form of cybercrime, with roughly 3.4bn suspicious emails sent daily.

For organisations, phishing attempts pose a significant risk, particularly if they hold sensitive data relating to activity, personnel and consumers. To avoid becoming a victim, companies and their employees first need to be able to recognise the signs that correspondence may not be legitimate. Here is how.

Return to sender

One of the easiest ways to spot a fraudulent message or email is by double-checking who sent it. People with malicious intent will often use an email address that almost looks real, with only a subtle difference, for example an extra letter or form of punctuation.

Take the time before you respond, if you respond at all, to ensure that the email is actually correct and from the organisation it claims to be coming from. If you remain unsure, why not track down a legitimate phone number for the person or organisation and get verbal confirmation that the source is reputable before you reply.  

Generic equals bad, detailed also equals bad

The language used in a phishing attempt tends to be very telling. If it opens with an impersonal, generic greeting that avoids using your name then it can be a red flag that you are being targeted as part of a phishing attempt. Similarly, if you get what is essentially a dramatic, over-the-top story from someone aiming to elicit both sympathy and funds then that is a very obvious attempt. 

That goes for urgency too. If the language is trying to instill panic by making an action seem urgent, for example if it threatens to shut down a crucial account, like a banking app, then it is likely trying to capitalise on fear and compel you to click without thinking it through. 

Too familiar

Often someone trying to glean information will act as though they have connected with you previously, to gain your trust and make them seem more credible. This is typically done by putting ‘Re:’ in the subject line, so it appears that you have already been in touch. They may also say something along the lines of “as per my last message”, “following on from” or other phrases that imply you know who you are speaking to.

If you can’t recall having ever contacted this person, don’t be in a rush to get back to them. Take the time to go through your message platforms to determine if you may just have forgotten the interaction, or even look them up on professional platforms such as LinkedIn.

Also, organisations that require extremely sensitive or personal information, such as banks, medical providers or your place of work, are likely not going to request that money or information be sent via a link in an email or a text.

If the request is legitimate, then the person or organisation will not begrudge you asking to facilitate a transfer of information or resources via an in-person transaction. So don’t be afraid to draw a hard boundary where necessary. 

Protect yourself going forward

When it comes down to it, a huge part of avoiding a phishing scheme is just in deploying some common sense. By observing how a message found its way to you, its content and what it is asking of you, you can make a pretty astute decision regarding whether or not there is a risk.

On the technical side, technologies such as two-factor authentication and software and email filters can add an additional layer of security to incoming messages. Online resources designed to offer advice and help to those who think they may have compromised their systems can also be extremely helpful. 

Don’t be afraid to open a conversation with your employer or co-workers about improving the organisation’s cyber hygiene as it truly affects everyone from the top down. Training programmes designed for employees and their companies are an ideal way to ensure everyone has the necessary skills to maintain cybersecurity protocols, making workplace networks and devices less vulnerable. 
