These days you read about it more and more; banks, financial institutions and companies warn against fake emails or messages circulating on their behalf.
You can see phishing as someone who is trying to obtain data in order to gain access to certain systems. This could be personal accounts or even bank accounts. The people behind this are called cyber criminals and are difficult to trace. They often use popular subjects to make their messages as credible as possible. A popular subject is for example tax returns, a payment from your bank or a Corona compensation.
Cyber criminals don't have use just one way of working, but use different methods to trick users. These are the 5 most common methods used by cyber criminals:
1. By phone
Telephone phishing mainly happens to individuals and less to companies. This way of phishing can be recognized by two things: You are always asked for personal information such as your username and password, and there is always a sense of urgency - you must always take action urgently. A well-known example of this is getting a call from a Microsoft employee about an urgent update for your computer. If you follow the caller in this, you will eventually install malicious software that will steal your data or lock your computer.
Make sure you know better! Know that Microsoft or financial institutions such as a bank will never make calls themselves. If you do get someone on the line (and sometimes with a clear foreign accent), hang up immediately.
Sending phishing emails is the most popular method used by cyber criminals. E-mails can be easily distributed and may contain hyperlinks. By copying logos and layouts from companies, emails can appear very convincing, which makes it extra difficult to distinguish them from "real" emails. Still, you can recognize a phishing email if you look closely. The sender address often doesn't match with the company at all and attachments or links in the email go to a completely different (and suspicious) website.
Make sure you know better! Look closely at the sender of the email and be very careful with attachments. If in doubt, contact the company itself to check the content of the e-mail.
3. SMS and/or WhatsApp messages
Phishing in the form of an SMS is also referred to as ‘smishing’. A popular smishing trend is messages from the bank. Cyber criminals send a link hoping the receiver will click on it and enter their person information.
Make sure you know better! A bank will never send you an SMS or WhatsApp message. Are you feeling unsure about the content of the message? Contact the company or bank to confirm the message.
4. Applications on smartphones
Cyber criminals develop simple apps and state in the fine print that the data you may have in the cloud can also be accessed by the application. With the information stored in the cloud, cyber criminals can create a new attack for your contacts.
Make sure you know better! Only install applications that you know are safe and if in doubt read the fine print before completing the installation.
5. Collaboration tools
Cyber criminals know that many people are working from home at the moment and that they collaborate digitally with their colleagues by using applications such as Teams or Zoom. This is information that cyber criminals can misuse. Teams and Zoom are applications that are new to many people, making them more likely to click on something. For example, a cyber criminal would send an email with a link to a document shared in Teams. Because this is still so new, this seems correct to the user and they would click on the link without thinking twice.
Make sure you know better! Hover with your mouse (make sure not to click!) over the link in the email. Are you feeling unsure if it's real? Ask the colleague who sent it to confirm!
Cybercrime continues to increase which is why it's important to keep your guard up. Does something seem too good to be true? It could be phishing. You can also fight against cybercrime yourself by forwarding suspicious emails to firstname.lastname@example.org.
Are you interested in how you can tackle phishing within your company? Contact us for a personalised approach.