Phishing is a type of scam that relies on social engineering to succeed. It involves tricking an unsuspecting individual into giving up sensitive information, whether their own or that of the organisation they work for. Phishing scams can be conducted in a number of different ways, including via email and over the phone. In more recent years, attacks have also been carried out via instant messaging. The attacker disguises themselves as a trustworthy person or organisation, often one that the victim would recognise and trust.
Victims are contacted using communications designed to feel genuine, and are then typically directed to a website which is also designed to look genuine. The site will normally ask the victim to input certain details, such as banking information or passwords. Sometimes phishing emails demand payment for a certain service. A good current example is the TV license phishing scam, which informs victims that they are behind with payments to their TV license and directs them to a place where they must clear the “outstanding balance” immediately or suffer the consequences. Because these emails and messages often look incredibly genuine, and because the attack is relatively easy and cheap to carry out, this type of cyber attack is popular amongst criminals.
There are many different types of phishing scam. Spear Phishing is phishing that is targeted at a specific individual. The attacker will often obtain sensitive personal information about that individual in order to target them. This can then be used to reinforce the attacker's perceived legitimacy, or in some cases even to bribe the victim into revealing the sensitive information that the attacker is really after. The TV license scam mentioned above is what is known as Clone Phishing. This is where the communication is intended to look as genuine as possible, to trick a victim into believing they are interacting with a legitimate company that they are a real customer of. This makes them much more likely to willingly hand over personal information or make payments. Social Engineering can also be used to lure people to malicious sites. For example, a fake news story designed to cause outrage amongst readers may be littered with infected links in order to catch readers out.
Thankfully, there are now many different anti-phishing strategies that companies can implement. This, coupled with huge public awareness campaigns in recent years, means that individuals are becoming wiser to the telltale signs of phishing scams.
The best defence against phishing scams remains education. Many companies now invest heavily in training their staff to spot the telltale signs of a phishing scam, such as:
Emails that have come from a non-genuine address
Emails that address the user with a generic greeting, for example, “Dear Valued Customer” instead of “Dear John”.
When in receipt of a communication purporting to be from a legitimate company but asking for personal information, payment, or a verification attempt, it is prudent to contact the company via a trusted contact method first, or to navigate manually to the genuine site without using any links in the email received. In this way the user can independently check the legitimacy of the communication.
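The warning signs above (a non-genuine sender address, a generic greeting, a request for personal information or payment) can also be checked automatically as a first-pass mail triage. The following is an added example, not part of the original post; the `KNOWN_SENDERS` map, the keyword lists, the `.example` domains and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: the organisation maintains a map of brand names to genuine sending domains.
KNOWN_SENDERS = {"tv licensing": {"tvlicensing.example"}}
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(valued\s+)?(customer|user|member|client|sir|madam)\b", re.I | re.M)
REQUEST_TERMS = re.compile(
    r"\b(passwords?|bank details|card number|verify your|outstanding balance|payments?)\b", re.I)

def phishing_signs(raw_message):
    """Return the warning signs found in one raw RFC 5322 message (heuristic only)."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    signs = []
    # Sign 1: display name claims a known brand, but the address is not on its domain.
    for brand, domains in KNOWN_SENDERS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not genuine:
            signs.append("sender-domain-mismatch")
    # Sign 2: generic greeting instead of the recipient's name.
    if GENERIC_GREETING.search(body):
        signs.append("generic-greeting")
    # Sign 3: asks for personal information, payment or verification.
    if REQUEST_TERMS.search(body):
        signs.append("asks-for-details-or-payment")
    return signs

# Constructed sample messages (not real traffic).
SUSPECT = """\
From: TV Licensing <billing@tv-licence-payments.example>
To: john@example.org
Subject: Outstanding balance

Dear Valued Customer,

You are behind with payments. Clear your outstanding balance immediately.
"""
GENUINE = """\
From: TV Licensing <no-reply@tvlicensing.example>
To: john@example.org
Subject: Your licence renewal

Dear John,

Your licence renews next month. No action is needed.
"""

if __name__ == "__main__":
    print(phishing_signs(SUSPECT))
    print(phishing_signs(GENUINE))
```

A message that raises any of these signs still needs the independent check described above; a message that raises none is not thereby proven genuine.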
Talk to your email or hosting provider about what measures they can, or already do, place on your account to protect you against phishing attacks, namely whether they are able to offer you an email spam and virus firewall. Phishing scams are still rife in the online world, so it’s important to be able to spot the signs both in your personal and business communications, and to educate your staff about the warning signs and dangers of phishing scams too.
To speak to CWCS Managed Hosting about the Email Spam and Virus Firewall add-ons we can offer you to protect your inbox from phishing scams, don’t hesitate to get in touch with us today on 0115 740 1234.