How to spot Phishing and prevent being a victim

The Coronavirus pandemic and the resulting changes in the way we now work and live have led to a feeding frenzy among cybercriminals.

Phishing attacks have ramped up by over 667% in March alone, and scammers are finding more and more creative ways to prey on vulnerable victims.

In the UK, we have all received a text from the NHS or government, urging us to follow the guidelines, stay home and stay safe. Many of us have also received a very similar text or email, telling us exactly the same, but with a suspicious link promising a monetary rebate or extra tips on how to stay protected. If you’re reading this, you already know what I’m going to tell you – this is a scam and somewhere there’s a hacker attempting to steal from you.

But how do you spot these threats? How can you be sure what is genuine or what is a scam?

I’ve put together some pointers for you to help spot the warning signs.

1. If there is ANY uncertainty, don’t open. 

If it’s that urgent, they will chase you. If it’s genuine, you will be expecting the email or message to arrive. You’ll also get a reminder or a phone call from the real person or organisation when they don’t hear from you. If you don’t, and you still think it might be genuine, go to their website, find their contact phone number and call to ask.

2. If it sounds too good to be true, it probably is.

Come on… be real… nobody wants to just give you free money. And you didn’t enter a competition to win a Ferrari, so why would you think that you’ve won one? Be sensible and think about whether it could be someone trying to take advantage of you.

3. Looks legitimate? Check the details

Look at the sender’s name, their e-mail address and any links. It’s easy to change a letter to a number. My email address, for example, Kelly.Ilbery@planet-it.net, could be changed to Kelly.Ilbery@p1anet-it.net (1 instead of l).

Is the email addressed to you, e.g. “Dear Kelly”? Or is it addressed “Dear Client”? If you are a customer, they’ll know your name. If it’s a scam sent to thousands of people, they may use “client” or “customer” in place of your name.

Here’s a real-world example that’s very relevant at the moment and one that has been received by thousands in the UK over the last few weeks. Many people have had their working circumstances change recently. People are on furlough, small business owners are due grants and many are unlucky enough to find themselves unemployed. There’s a lot of change and it’s confusing to know exactly what you might be due and when. A text like this might be exactly what you’re waiting for.

However, look at the link. Genuine texts from the government come from gov.uk. And their official website for the crisis is: https://www.gov.uk/coronavirus. This text tries to mimic that in some way with https://uk.covid-19.

However, they are using this as a subdomain of webdirect.org – not an official website. If you clicked on the link, you would have been redirected to a website that even looks like an official gov.uk website asking for details. This is exactly the thing they do and what you need to look out for. As you become more vigilant, you will get better and better at spotting this.

In general terms, big organisations, banks or the government tend not to include links because they’re told that it’s exactly what hackers will do. They’re more likely to tell you to log into your account, encouraging you to separately go to their website, not linking from an email or text. So if you get an email from your bank asking for details and not encouraging you to “Log-on to your online account”, it’s probably a phishing attack.
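The two checks from point 3, written out as an added example that is not part of the original article: whether a link or sender address really sits under a domain you trust, and whether it only matches once digit-for-letter swaps are undone. The trusted list, the swap table and the function names are assumptions, and the sample values are constructed from the article's examples.

```python
from urllib.parse import urlsplit

# Assumption: the organisations you actually deal with. gov.uk and
# planet-it.net are the genuine domains named in the article.
TRUSTED = {"gov.uk", "planet-it.net"}

# Common digit-for-letter swaps, such as the article's "1 instead of l".
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def host_of(value):
    """Return the lower-cased host of a URL or of an e-mail address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip().lower()


def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify(value):
    """Return 'trusted', 'lookalike' or 'untrusted' for a link or sender."""
    host = host_of(value)
    if any(is_under(host, d) for d in TRUSTED):
        return "trusted"
    # Undo the swaps and compare again: a match now means the name only
    # looks like a trusted one.
    if any(is_under(host.translate(CONFUSABLE), d) for d in TRUSTED):
        return "lookalike"
    # Everything else, however official the left-hand labels look, belongs
    # to whoever owns the right-hand end of the name.
    return "untrusted"


# Constructed samples. The second host is assembled from the two parts the
# article names; its path is constructed.
SAMPLES = [
    "https://www.gov.uk/coronavirus",
    "https://uk.covid-19.webdirect.org/",
    "Kelly.Ilbery@planet-it.net",
    "Kelly.Ilbery@p1anet-it.net",
    "https://www.gov.uk.example.org/rebate",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10} {s}")
```

The last sample shows why the check reads the name from the right: a genuine-looking `www.gov.uk` at the start of a host means nothing if the name ends in someone else's domain.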

4. And if you still really want to click it, go directly to the web address instead. 

If it’s a link that states it will take you to the WHO website, and you’re interested in seeing what the WHO are saying, go to it yourself by googling WHO, don’t use the link! If it’s important enough for them to email or text, then you’ll be able to find details on their website. Can’t find the details on their website and you still think it’s real – call them using the number on the website.

5. Ask

If all else fails, and you’re still not sure – just ask. My team and I are on the side of the good guys (Yeah I know the bad guys might say that too!). Our careers are based on fighting scammers and helping protect people from being tricked. So if you’re in doubt, or if you think you might already be a victim, give us a call and we’d be more than happy to guide you in the right direction – 01235 433 900 or email SecurityServices@Planet-IT.net
