How to spot phishing and social engineering scams

Genesis Business Systems Blog

Don’t get caught out

We see them every day: emails, calls, and instant messages asking for access to your computer, your personal information, or data that needs to be protected. Sometimes these thieves ask for passwords, account numbers, or personal identifying details; other times, they want you to run a malicious attachment or visit a dangerous website that delivers malicious code.

While technology can help to protect you, it’s not a fail-safe solution. Part of the responsibility falls on you, the end user. You need to be aware and know when to be suspicious and how to protect yourself.

Tell-tale signs of phishing

There are all sorts of phishing emails out there, but fortunately there are some “tells” you can look for to help suss out potential scams.

  • It just doesn’t look right. Does the message claim to come from someone you work with, such as your bank, a social networking site, or even your own company, but there’s something a little off about it? Trust your instincts.

  • Generic salutations. Instead of directly addressing you, phishing emails often use generic names like “Dear Customer.” This is because phishing emails are often sent out in large batches, and using impersonal salutations saves time.

  • Links to official-looking sites asking you to enter personal information or confidential data. These spoofed sites are often very convincing, so be aware of what information you’re being asked to reveal.

  • Unexpected emails that use specific information about you, like job title, previous employment, or personal interests. This information can be gleaned from social networking sites like LinkedIn to make a phishing email more convincing.

  • Emails asking you to act quickly. Thieves often use unnerving calls to action (such as saying your account has been breached) to trick you into moving fast without thinking, revealing information you ordinarily would not.

    View our 10 tell tale signs infographic

Common phishing scams and mistakes

  • Poor grammar or spelling. This is often a dead giveaway. Unusual syntax is also a sign that something is wrong.

  • “If you don’t respond within 48 hours, your account will be closed.” By creating a sense of urgency, the thief hopes you’ll make a mistake and act without thinking.

  • “You’ve won the grand prize!” These phishing emails are common, but easy to spot. A similar, trickier variation is asking you to complete a survey (thus giving up your personal information) in return for a prize.

  • “Verify your account.” These messages spoof real emails asking you to verify your account with a site or organisation. Any time you receive a message asking to verify your account, look for signs of phishing, and always question why you’re being asked to verify – there’s a good chance it’s a scam.

  • Cybersquatting. This comes into play with spoofed websites. Often, thieves will purchase and “squat” on domain names that are similar in name to an official website in the hopes that users go to the wrong site. Always take a moment to check out the URL before entering your personal information.
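The URL check described in the cybersquatting point can be partly automated. This is an added example, not part of the original post: a small Python check that compares a link's domain with the domains you actually use and flags near-misses. The `TRUSTED` list, the domain names and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: placeholder names for the domains you really use.
TRUSTED = {"examplebank.example", "genuine-payroll.example"}

# Digits commonly swapped in for look-alike letters in squatted names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_host(url):
    """Return (full host, last two labels).
    Assumption: no multi-part suffixes such as .co.uk are in use."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host, ".".join(host.split(".")[-2:])


def check_url(url, trusted=TRUSTED, max_distance=2):
    host, domain = split_host(url)
    if not host:
        return "invalid"
    if domain in trusted:
        return "trusted"
    # A trusted name placed in front of someone else's domain.
    for good in sorted(trusted):
        if host.startswith(good + ".") or "." + good + "." in host:
            return f"suspicious: {good} used as a subdomain of {domain}"
    # Near-miss spelling, after folding digit look-alikes back to letters.
    # A small max_distance keeps false positives down on short names.
    folded = domain.translate(HOMOGLYPHS)
    for good in sorted(trusted):
        if edit_distance(folded, good) <= max_distance:
            return f"suspicious: looks like {good}"
    return "unknown"
```

A result of "unknown" only means the domain is neither on the list nor close to it; it is not a verdict that the site is safe.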

Stop threats at the door

There is no single fail-safe way to protect yourself; the most effective method of protection is to ensure you have adequate cyber security processes in place. Your first opportunity to defend against phishing attacks and other email-borne threats is strong email and web filtering.

The first line of defence: you

You are your own first line of defence against phishing. By educating yourself, you’ll be able to avoid falling victim to a phishing scheme – and putting your personal data, or that of your organisation, at risk.

Download our poster 

How can we help?

We can help you review your existing procedures and ensure you’re doing all you can to protect yourself against potential phishing attacks. We can also help you to train your staff to know what to look for.

Contact us today to get started: call 01482 210999 or email [email protected]