Is your business at risk from information thieves? Derby Hub member Owen at Code 56 explains the dangers of ‘phishing’ and how to prevent it from happening to you.
 
Phishing (pronounced “fishing”) is a type of social engineering attack, where the attacker sends people some “bait” (hence the name) to trick them into exposing information, like passwords.
 
Normally the initial contact is delivered by a fake (spoofed) email or instant message (IM – like Skype) that looks legitimate at first glance and can be tricky to spot.  Generally, the message is short and to the point, with a link or attachment for the victim to click on.  Clicking on this sends the victim to a fake page that can look exactly like the proper site.  Once on the site, any details entered (like passwords) get sent back to the attacker.  Normally the link has been shortened to something like http://goo.gl/S1D18o to obscure what hides behind it. (Don't worry - that one just links to our own website!)
 
The most common attacks fake a password reset in order to trick people into providing their password.  Once the attacker has a password they will try to gain access to other services such as PayPal or Online Banking.
 
Another common phishing attack aims to trick the recipient into thinking the email has come from their bosses, such as the CFO or CEO, and instructs them to create a payment urgently.  There have been a few high-profile cases of this recently.
 
Unfortunately, it’s pretty difficult to prevent well-written phishing attempts from getting through to people.  The only real way of stopping yourself falling victim is to stay vigilant. Here are 4 tips to prevent data thieves stealing from your business:
 
  • Not clicking on links or opening attachments from email addresses you don’t recognise
  • Not clicking on “forgotten password” or “account setup” emails if you’ve not asked for them
  • Checking that the web address (URL) matches what you expect (e.g. when resetting a Facebook password, the web address should contain “facebook.com” at the beginning).
  • Phoning the person you think has sent you instructions before following them
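
The web address tip, written out as a small Python check (an added example, not part of the original post; the function name, the shortener entries other than goo.gl and the sample links are constructed for illustration). It compares the host name, the part between "https://" and the next "/", because an address can start with "facebook.com" and still belong to someone else.

```python
from urllib.parse import urlsplit

# Link shorteners hide the real destination. goo.gl is the one named in the
# post; the other entries are assumptions added for this example.
SHORTENERS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}


def check_link(url, expected_domain):
    """Return (verdict, reason) for a link that claims to lead to expected_domain."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("suspicious", "address cannot be parsed")
    expected = expected_domain.lower().strip(".")
    if parts.scheme not in ("http", "https") or not host:
        return ("suspicious", "not a normal web address")
    if host in SHORTENERS:
        return ("unknown", "shortened link, destination hidden: " + host)
    if parts.username is not None:
        # In https://facebook.com@login.example/ the real site is login.example.
        return ("suspicious", "text before '@' is a decoy, real host is " + host)
    # Exact match, or a subdomain such as www.facebook.com.
    if host == expected or host.endswith("." + expected):
        return ("ok", "host " + host + " belongs to " + expected)
    return ("suspicious", "host is " + host + ", not " + expected)


# Constructed sample links; the .example names are placeholders.
SAMPLES = [
    "https://www.facebook.com/recover",
    "https://facebook.com.account-reset.example/login",
    "https://facebook.com@login.example/reset",
    "https://notfacebook.com/",
    "http://goo.gl/S1D18o",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", *check_link(link, "facebook.com"))
```

A shortened link comes back as "unknown" rather than "ok" or "suspicious", since the address alone says nothing about where it leads.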
 
Generally speaking, people will appreciate you being cautious if you are at all unsure about something.
 
If you think you might have been phished, or even if you’re not sure, a good step would be to reset your online passwords (preferably so they’re all different).  There are programs like KeePass (http://keepass.info/) that can help you manage your passwords in a secure way.
 
Owen Conti is the managing director at Code 56 and is an experienced IT specialist, helping businesses with emergencies and urgent problems (such as dealing with virus attacks or failed hard drives).

Date Added: 09 February 2017
