All kinds of con artists are trying to get their hands on your information or access systems using phishing scams, most often through fraudulent emails.
We all regularly receive messages in our work and private inboxes that claim we've won something (be it a fake prize draw, a gift from a rich anonymous benefactor or an inheritance from a long-lost cousin from halfway around the world), request updated information (landline, electricity, mobile and bank details, etc.), or inform us that our online accounts have been blocked. The list goes on.
We've known how to expose these fake emails for a long time, but the scams are getting smarter and more innovative. We're now seeing messages that:
- don't always contain errors;
- are better designed (in terms of expression, logos, sender email address, etc.);
- look like official emails, sent using a fake address (the sender isn't a reliable indicator of authenticity);
- contain seemingly normal links, which actually redirect to fake websites;
- sometimes use your public information (from LinkedIn, Viadeo, Facebook, Twitter, etc.);
- use sophisticated tactics (e.g. send an initial, harmless message followed by another a few weeks later containing the scam);
- are sent from one of your contacts, after their email has been hacked;
- contain attachments or forms that seem perfectly normal.
Faced with all these kinds of scams, the first line of defence is developing a critical eye. In any situation, you need to ask yourself if an email might be a phishing scam. You should do this even if it doesn't come from a mainstream address (e.g. Gmail, Yahoo, Outlook, etc.), contain spelling mistakes, or make a direct request for money.
Even if everything seems perfectly fine and the message doesn't contain any links or attachments, you should still take the following basic precautions:
- Never tell anyone your passwords;
- Don't send copies of official documents like your ID, proof of address or bank details;
- Never click on a link in an email unless you have checked that the address is genuine (at the very least by quickly hovering over it with your mouse).
If you have any doubts about the authenticity of the email, get in touch with the sender via a different means of communication using their official contact details.
If you think you have been sent a phishing scam on your work email, contact your IT team for advice and, if necessary, they will use specialist techniques to deal with it.
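The "hover over the link" check described above can also be run automatically over an HTML message body. The following is an added example, not part of the original article: the function and class names and the sample message are constructed for illustration, and it only flags links whose visible text is itself a web address that differs from the real destination.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches link text that itself looks like a web address or bare domain.
DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def same_site(shown: str, actual: str) -> bool:
    """True if the real host is the displayed host or a subdomain of it."""
    shown = shown.lower().removeprefix("www.")
    actual = actual.lower().removeprefix("www.")
    return actual == shown or actual.endswith("." + shown)

class LinkAuditor(HTMLParser):
    """Collects links whose visible text names a different host than the href."""

    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = DOMAIN_RE.match("".join(self.text).strip())
        actual = urlsplit(self.href).hostname or ""
        if shown and not same_site(shown.group(1), actual):
            self.mismatches.append((shown.group(1).lower(), actual))
        self.href = None

def find_mismatched_links(html_body: str):
    """Return (displayed_host, real_host) pairs for deceptive-looking links."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    return auditor.mismatches

# Constructed sample message body (not a real email).
SAMPLE = """<p>Your account is blocked. Sign in at
<a href="http://mybank.example.account-check.test/login">www.mybank.example</a>
or read our <a href="https://www.mybank.example/help">help page</a>.</p>"""
```

A link whose text is ordinary wording ("help page") is not flagged, so this check complements, rather than replaces, inspecting the destination address itself.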