According to CERT NZ, the New Zealand government’s cyber security watchdog, phishing attacks are one of the most common types of cyber attack experienced by New Zealanders. They occur when criminals send messages pretending to be somebody else to try to trick people into giving up their private information - often passwords or credit card details. Found in emails, text messages, or while surfing the web, phishing attacks can cause disruption and financial loss to individuals and businesses.

It used to be easy to spot phishing messages as they were often littered with spelling mistakes and grammatical errors, and while they may have included genuine logos and images, they were very badly formatted. Unfortunately, attackers have become a lot more sophisticated, and their messages now appear more genuine and believable and can be hard to spot as fakes.

A healthy amount of suspicion can go a long way towards protecting yourself from phishing emails. If you’re not expecting a message from a person or organisation, it’s a good idea to contact the sender on a phone number you already have for them or one you find on their official website. Checking the sender’s address, including their domain name, can reveal fraudsters. Reputable organisations will never use consumer email services like Gmail or Outlook.com. One thing to remember is that an offer that seems too good to be true, or seems unlikely, probably is.

If you do follow links in emails, text messages, or on the web, always check the address of the website you end up at to ensure that it’s the company’s official address. I recently got a text message claiming to be from UPS and I was expecting a parcel so it seemed plausible. Even though I’d already concluded it was a phishing attempt, I followed the link out of curiosity and it took me to a website at parcel.bestonlineoffers.site. This website clearly isn’t an official UPS website. Reputable businesses will never ask for personal information, including passwords and credit card numbers, using third party websites like this.
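The two checks described above (the sender's domain and the address a link really leads to) can be automated. The following is an added example, not part of the original article; it assumes ups.com is the official domain you already know for the company, and the sample addresses and URLs other than parcel.bestonlineoffers.site are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: official domains you already know, never taken from the message.
OFFICIAL_DOMAINS = {"ups.com"}
# Consumer mail services named in the article.
CONSUMER_MAIL = {"gmail.com", "outlook.com"}


def belongs_to(host, domains):
    """True if host is exactly one of the domains, or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def is_official_link(url, official=OFFICIAL_DOMAINS):
    """Check the host the browser would actually contact.

    urlsplit().hostname drops any 'user@' prefix and the port, so a familiar
    name placed before an '@' or at the start of a longer host does not count.
    """
    host = urlsplit(url).hostname or ""
    return belongs_to(host, official)


def classify_sender(from_header, official=OFFICIAL_DOMAINS):
    """Classify the domain in a From header: official, consumer-mail or unknown."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    if not domain:
        return "unknown"
    if belongs_to(domain, CONSUMER_MAIL):
        return "consumer-mail"
    return "official" if belongs_to(domain, official) else "unknown"


if __name__ == "__main__":
    # Constructed samples, plus the site from the text message described above.
    for url in ("https://www.ups.com/track",
                "http://parcel.bestonlineoffers.site/",
                "https://ups.com.parcel.bestonlineoffers.site/",
                "https://www.ups.com@parcel.bestonlineoffers.site/"):
        print(f"{url:55} official={is_official_link(url)}")
    print(classify_sender("Parcel Updates <parcel.updates@gmail.com>"))
```

Only the first sample is reported as official: the others end in bestonlineoffers.site, whatever familiar name appears earlier in the address.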

Attackers are becoming quite clever and will reply to messages found in hacked email accounts. This provides them with a trusted setting to take advantage of before they try to trick recipients into giving up their personal information. These attacks are effective because people’s guards are already down and the attacker is continuing a conversation with someone familiar to the recipient. Situations like this illustrate why it is so important to always be cautious about what you click on.

Phishing attacks pose risks to businesses because they can harvest users’ passwords and provide attackers with access to their computer systems. Even with access to a single computer, attackers can start to infiltrate the rest of your computer network, and steal your important information and hold it to ransom.

A good endpoint security solution and email security service can help protect against phishing scams. However, the best line of defence is making sure you know that what you’re clicking on is the real thing. If in doubt, check with the sender by phone to keep yourself safe.