Phishing scams and how to avoid them

By Tecnica | Cyber Security | Comments are Closed | 10 January, 2024 | 0

A phishing scam is one of many types of cyber-attack and is used to trick people into giving out personal, sensitive information such as bank details. Attackers use various modes like email, SMS text messaging or hi-jacking of websites to fool victims into clicking on a hyperlink to a fake website or downloading an infected file.

types of phishing scams, Spear phishing, pharming, calendar, clone, whale, voice, SMS, evil twin attacks, page hijack attacks.

How do I know if an email is a scam?

Phishing emails

Fake emails can be obvious at times, containing bad grammar and spelling mistakes but attackers are becoming smarter by using AI tools to create realistic looking email campaigns. There are still ways to check if an email is genuine or fake.

Senders email address from a public email address like Hotmail.
URLs contained within the email are misspelled e.g. www.amaz0n.co.uk/myaccount
The email is asking for personal information like bank details, most reputable companies would not email and ask you to input banking information. If in doubt go to the company’s website directly, not through the link on the email, and check your account.
Emails will often say things like “account suspended” or “payment declined, click here to resolve”. Again, check your account directly on the company website, do not click on any links within the email. These types of emails are sent to panic people and catch them off guard.
The email may ask you to download the attached file. Never download any files unless you know where they are coming from, and you are expecting them.
Emails requesting payment from companies like PayPal will often not be personalised e.g. Dear [email address] or Dear User, companies like PayPal will also not send attachments for customers to download. If you’re suspicious about the content of the email then this can be checked by logging into you account via your device or web browser.
Attackers will also use current events to target victims. The COVID pandemic saw an exponential rise in phishing scams with attackers sending victims fake emails and SMS messages pretending to be the NHS asking them to book a COVID vaccine.
Christmas time often sees a rise in fake emails. For instance, delivery companies claiming they are unable to deliver a parcel or phone companies like Three or EE asking for more information regarding your recent contract. All in the hopes of catching someone who has legitimately used these companies recently and thinks the email may be genuine.

examples of phishing emails and how to spot them. The email claims to be from Amazon but the website address is incorrect and invokes panic in the recipient by prompting them to download an infected file.

Phishing text/WhatsApp messages
Scammers are also know to send text messages or WhatsApp messages containing suspicious links. These are often recognisable when:
• The message is received from an unknown number.
• The message will claim to be someone you know but not specify who they are for example the message may say “Hi Mom/Mum, I’ve lost my phone…” but they won’t give their own name.
• The message claims they were unable to deliver a parcel due to unpaid postage and will ask you to click a link to give your bank details.
• It may claim you have won a prize and ask you to click on the link.

Phishing text message claiming to be from the recipients child who's phone is malfunctioning and is asking the person to call them on another number.

Phishing message sent through social media claiming to be support services and threatening to suspend the account. It prompts the user to click a link to prevent this.

How can I protect myself?

If you don’t recognise the source or doubt the legitimacy of an email or message, ignore it or flag it as spam to your email provider or network provider.
Ensure you are using strong passwords, if possible, use a password generator that automatically generates a strong password for you. It is also advisable to set up two-factor authentication to make your accounts extra secure.
Keep devices and software up to date and protected with anti-virus software and firewalls.
Never click on an unknown link or download a file unless you were expecting them and know where they are coming from.
Regularly back up your data.
Educate yourself, learn how to spot a scam.

If you think you’ve been caught in a phishing scam

Contact Police Scotland if you think you have been scammed or think you may be a victim of fraud and you have lost money as a result.

For more information, please visit https://www.gov.uk/report-suspicious-emails-websites-phishing.

How can Tecnica help you and your business?

At Tecnica we help all types and sizes of organisations to take a strong pro-active approach to cyber security. With the help of our skilled IT Security Professionals and full stack software developers, we offer vast array of services ; cyber security, network security, endpoint security and email/web filtering all designed to protect your business, customers and staff. Contact us today to see how we can help keep your data safe from cyber criminals.

Tecnica IT Services, Skills, Knowledge and Experience can provide your business with Cyber Resilience.

Be a resilient organisation: Detect – Respond – Recover with Tecnica.