There are loads of scams out there. Job scams, romantic scams, extortion, fake charities. The list goes on and on, but one you’ve almost certainly encountered already is ‘phishing’. It’s a tough nut to crack, and I’m not just talking about the pronunciation (let me help you there: it’s ‘fishing’).
To help protect you and your business, we’re going to have a look at how to spot a phishing scam in 2022 and how you can safeguard against it.
What is Phishing?
According to phishing.org:
“Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data.”
In basic layman terms, the bad guys (scammers, hackers, thieves, naughty boys and girls) pretend to be good guys (financial institutions, telecommunication companies or other legitimate businesses) in order to steal your information like credit card details, pin numbers, passwords or personal information. They then buy stuff at your expense, sell your information to other parties, hijack your accounts or steal your cash.
How does Phishing play out?
You can be contacted in different ways – through social media, email, texts, phone calls. The message will be designed to seem as genuine as possible. Logos will be copied from official organisations and the fake websites you’re directed to will look exactly like legitimate ones.
They’re trying to catch you in an unguarded moment. They’re also trying to take advantage of the less tech savvy amongst us. They use scare tactics, such as ‘Time is Running Out!’ or ‘This is an Urgent Request.’ They might promise a prize; or say someone is making a massive transfer out of your account and your bank password is required to stop it. Another classic is the ‘deactivation scare’, where they’ll say your account will be shut down if you don’t immediately input your password.
There are endless ways they’ll try to get past your defences. Next thing, Mister Scammer is flying first class to the Virgin Islands wearing a mink coat, and you’re paying.
How to Spot a Phishing Scam
Spotting a phishing scam is all about increasing your level of diligence and applying a good dose of common sense. Here are a few technical things you can look out for that should throw up red flags.:
– Double check the senders email address. If the origin is generic, misspelled, or nothing like the institution they’re claiming to be, you’re being phished;
– Does the message contain poor grammar and spelling mistakes? No big corporate will send out an email without it being proofread, so be careful of this one;
– If the message has a generic greeting like ‘Dear Valued Customer’, or if there is a blank space where your name should be on email greeting, chances are it’s a scam;
– Links are always a bit phishy (see what I did there?). Even if the embedded link looks ok, hover over it and check the hyperlink that pops up. If it looks a bit odd, don’t click it. They’re hoping its similar enough you won’t notice the difference and will click through anyway;
– For the love of all things cyber, please don’t download any unverified PDF or Zip files unless you’re 100% sure of the sender! They’ll often contain ransomware or other viruses;
– Fall back on your intuition and common sense. Prizes don’t fall into your lap, Paypal wont email you for your account details, Microsoft can’t magically sniff out a virus on your computer. Those are all scams.
A Real Life Phishing Scam
From individuals to home businesses to massive corporations, there’s an endless list of entities who’ve fallen victim to phishing scams over the years. But here’s one that made the headlines:
Facebook and Google got duped out of $100-million: Yup, the big boys in the tech world aren’t immune. Here a scammer posed as a legitimate computer company and sent emails to employees at Facebook and Google demanding payments for goods and services. He did such a good job that many of the employees actually paid the invoices. Eventually he was caught out and the money recouped…. Not before he denied the charges. Which is kind of what you’d expect from a conman.
Extra Precautions to Stay Safe from Phishing
2FA: Here at Smile IT we’re big fans of two-factor or multi-factor authentication. Basically adding an extra login layer of security to all your accounts, 2FA is low cost and effective. You can read all about it here.
Security Software: Keep your antivirus software updated so its able to detect the latest threats and prevent them getting through to you. Have a robust email filtration system on your emails too… if you don’t see the spam, you’re less likely to click on it.
Passwords: An extremely important buffer between you and the phishers out there, you need to change your password on a regular basis. Don’t store passwords in your browser either, because if access to your computer is compromised the scammer will be able to access them. Read more about increasing your password security here.
Trust Your Spidey Senses: This is worth repeating. If the web throws up something that doesn’t sit right with you, go with your gut instinct. Question everything. If in doubt, ask someone who knows.
Smile IT are Brisbane Cybersecurity Experts
The last thing we want is for your business to fall victim to a phishing scam. We want to keep you, your business and your accounts safe and secure from cyber threats. If you’re in Brisbane, why don’t you come have a chat with out about how we can improve your cyber security? Give us a ring on 1300 766 720 or contact us here and lets tee up a chat.
And no matter where you are in Australia, we can help out. If you’re unsure of an email or messages legitimacy, send it to our team at support@smileit.com.au. Our super sleuths will let you know if it’s a scam or not!
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!