What if someone could steal your whole identity with little more than an email?
So-called ‘phishing’ scams – in which emails are sent with the express purpose of stealing your personal details – are becoming more common than ever, but they continue to trick unwary users.
Email filters have traditionally done the job of ensuring that all incoming email is genuine. Common programs used for this purpose are DomainKeys Identified Mail, Sender Policy Framework and Domain-based Message Authentication, Reporting and Conformance.
As a result, the writers of phishing emails have had to change their methods in order to keep up. So these days, we’re faced with a range of new, more subtle traps, many of which try to convince us they are from a trusted source.
So, we ask the question: how many of these phishing scams would fool you?
If your company uses a virtual PBX or softphone system, you may be used to voicemails appearing in your inbox as a media attachment. So when someone sends a phishing email that poses as an ordinary voicemail, it has a sense of urgency that’s difficult to resist. Our advice: don’t click until you’re sure it’s genuine. If it’s not, in fact, a voicemail recording, the attachment could do untold damage to your computer.
2) Corporate communications
Everyone prioritises emails from their boss. But if it’s a phishing scam that merely seems to be an important work email, opening the attachment or clicking on the embedded link in the message are surefire ways to install troublesome malware.
This is an extremely common phishing scam. It may appear in the form of a bank account warning or puzzling advice about your credit card, encouraging you to click on a link. Remember that most financial institutions would not warn you of fraudulent activity on your credit card via email, so don’t be tempted to click! No matter how genuine the email appears, contact your bank first to verify it’s not a scam.
If you are sent an invoice at work, your instant reaction might be to process it immediately. Scammers rely on this instinct, sending authentic-looking invoices that could end up costing your business a lot in the long run.
5) Order confirmations
It’s very difficult to tell phishing attacks and genuine order confirmations apart, particularly when they are paired with a well-known brand. The use of a well-known brand keeps user suspicion to a minimum – but always approach emails like this with caution to avoid being caught out.
6) Security alerts
In this day in age, users are notified about security alerts on a regular basis, particularly so that they can contact IT support and have the threat dealt with quickly. Alerts such as ‘Your account has been disabled due to unauthorised access’ are a common focus and can catch many users off guard.
7) Package delivery
When it looks like you’ve received an unsolicited gift, curiosity can get the better of you. However, as always, it’s best to question the validity of any email you receive – particularly if the email promises a package or a holiday that you never ordered.
8) Social networking
Social network phishing plays on our natural curiosity and instinct to make new friends. If you receive a friend request from someone you don’t know, it’s sensible to approach it with caution. Remember: any links you click could lead to potentially harmful code running on your computer.
Quite simply the oldest trick in the book. Scammers contact people offering job opportunities, dates and pharmaceuticals. As soon as the recipient clicks on a link, attempts to defraud them begin – from their personal information to their online banking details.