Beware of phishy links asking for your passwords
‘Phishing’ is a type of spam email where scammers try to reel you in with the hope that you’ve got a connection to the company they’re pretending to be from. (‘Smishing’ – ie, SMS-phishing – is the same thing when a text is used instead of an email.)
Most of us receive plenty of these each year, such as “your bank security is broken, click here” or “we need your help to retrieve funds”, or “your subscription’s about to run out”.
The emails (or texts) disguise attempts to steal your passwords, bank codes and money. Often they’ll ask for bank or credit card details. Sometimes they’ll ask you to download viruses onto your computer. There’ll be some sort of link. It often looks real.
When you click on it, it’ll probably take you through to a professional-looking website – a mirror image of the real thing. You’ll be invited to put your password in – at that stage, you’ll be parting with your cash.
They’ll mine for your personal details to build a better profile of you, and could use this to commit identity fraud, taking out mortgages, loans and credit cards in your name.
NEVER click on a link and enter your password – no matter how genuine it looks. If it looks like a genuine security concern, call your bank or visit its published web address. See our top tips to see how genuine-looking links can catch you out.
The same rules apply to any documents attached to an email. To ensure you’re not caught out:
Never, ever, ever, ever, EVER open an attachment unless you’re 100% sure of its contents. EVER.
New. A quick and easy way to report scam emails
The National Cyber Security Centre (part of GCHQ – the Government’s cyber and security agency) has launched a suspicious email reporting service to take phishing scams down.
All you have to do is forward suspicious emails to its firstname.lastname@example.org email address.
Once you’ve reported a suspicious email, the NCSC will analyse it and any websites it links to. If it believes it’s malicious, NCSC may:
- Seek to block the address the email came from, so it can no longer send emails.
- Work with hosting companies to remove links to malicious websites.
- Raise awareness of commonly reported suspicious emails and methods used.
While the NCSC is unable to inform you of the outcome of its review, it has assured us that it acts upon every message received – as an example, within the first week, the new service received over 25,000 reports and, as a direct result, it has already removed over 400 phishing campaigns.
We’re 1-fix, we can help you secure your business
At 1-fix, we take a realistic approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.