We’ve recently seen an increase in spoofed phishing emails, and we’d like to make you aware, so you can be vigilant and take extra security precautions against cybercrime.
- Check the sender is who you think it is. Most phishing emails use the target’s details or email signature, but the email address might be different to their actual email address. Check the sender bar before opening the email, replying, or opening any attachments. Be cautious of generic greetings such as “Hello Customer”, as these are often signs of phishing attempts, and beware if the tone of the email, or its spelling and grammar, isn’t how the sender would normally approach you. If you are concerned about the legitimacy of an email, call the company directly.
- Think before you act. Be wary of communications that ask you to act immediately. Many phishing emails attempt to create a sense of urgency or fear. Don’t click any links or open any attachments that you’re not expecting. This applies to emails, and online posts such as social media.
- Don’t supply sensitive personal information over email, such as passwords.
- Ensure you are using two-factor authentication where possible (Silvertoad’s email clients now all have this enabled and enforced). Multi-factor authentication ensures that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that allows it as an option.
- Ensure your passwords are different for each website / account. Especially ensure your email account password is different, as this will often be used for verification.
- You can use a trusted password manager for all your passwords. There are several options out there, such as LastPass, Nord and Dashlane.
- Ensure your password is secure and not easy to guess. You should consider using long, complex, and different passwords.
- Install and update antivirus software – ensure all your devices are equipped with regularly updated antivirus software and firewalls enabled where possible. Ensure your device itself is kept up to date, as system updates often include security patches too.
- Inform your email provider of potential phishing attempts.
Knowing what to look out for:
As well as the steps above, there are some email styles that are common in phishing.
Problem: the sender wouldn’t usually sign off with their full name. They might be in the same office as you or already know your availability. Would they be on lunch at the time of sending?
Problem: this email was not sent from a PayPal address; instead it came from @gmail.com. Be aware that some email attackers use a slightly more believable email address such as [email protected]. Sometimes, a realistic-looking email address can be used too!
By following this advice, you can increase your protection from the most common types of cybercrime.
If you think you may have fallen for a phishing attack, there are a few things you should do:
- While it’s fresh in your mind, write down as many details of the attack as you can recall. In particular, try to note any information such as usernames, account numbers or passwords you may have shared.
- Immediately change the passwords on those affected accounts, and anywhere else that you might use the same password. While you’re changing passwords, you should create unique passwords for each account.
- Confirm that you have multifactor authentication (also known as two-step verification) turned on for every account you can.
- If this attack affects your work or school accounts, you should notify IT Support at your premises of the possible attack. If you shared information about your credit cards or bank accounts, you may want to contact those companies as well to alert them of possible fraud.
- If you’ve lost money, or been the victim of identity theft, report it to local law enforcement. The details in step 1 will be very helpful to them.