“ Never see the way I came, looking like a Phisherman ”

I’m talking about phishing emails, people. Most of us have probably received an e-mail from HMRC saying “you are eligible to receive a tax refund of £263.45”. Is it me or do those e-mails only come during hard times? Don’t be fooled though, this is another way cyber criminals get us to download malware and steal our login credentials / account information. TV Licence nearly caught me out but that’s because I never pa… nvm. That’s a story for another day. These emails will seem legitimate at first glance, but if we take a closer look we can spot certain clues.

The following are telling signs that can help us recognise these types of e-mails:

  • The email does not address you by your name, rather it says “Dear account holder” or “Dear (your email address)”
  • The email asks you to click a link to update your payment details
  • There is a sense of urgency in the email
  • There may be spelling / grammatical errors in the email.

Phishing is easy to carry out and can target thousands of people at once, so hackers use this method because it is easier to trick someone than it is to break into their system. As I said in my last blog, we need to be vigilant. Remember, only one person needs to fall for this scam for the attack to be deemed successful.

Spear phishing is a phishing attack that is more targeted towards organisations and individuals. These attacks are more specific to the user which makes the email/text message seem more authentic and instills trust in the user, causing them to act. For example, just recently there has been a fake email from Netflix that has been going around asking you to update your bank details/account information. Most of us have a Netflix account, so we may think that something is wrong with our account and this will cause us to check.

But how do these hackers get our information in the first place? Well, there are organisations that sell our data to third parties. However, the scary part is that our data is also publicly available, and these hackers have access to it. There are tools available online that let these hackers tailor their search to different organisations in order to get our email addresses. I will delve into this in a future blog.

During the current COVID-19 pandemic, hackers have been very active. Just recently, EasyJet was hacked and admitted that email addresses and travel details had been stolen. Like me, many of us had holidays booked for this summer, and the pandemic has caused us to miss them. Hackers may send us e-mails saying that we can cancel our flights and get refunds. They will use email spoofing, along with company headers and logos, to make the email seem legitimate and trick us into giving them our bank account details.

Clever techniques used by hackers

Hackers will shorten the URL in order to hide the destination of the link, which makes it harder to see whether the link directs the user to a legitimate website or a malicious one. There are services available like ‘Bitly’ which allow people to shorten web links.

Another technique is to hide the message inside an image in order to get past phishing defences. There is security software that scans emails for certain phrases, so hackers will include little text content in their phishing emails. The email filter could be tricked into thinking the email is safe because there is little to no content to scan.

They will also mix legitimate and malicious code by inserting white spaces and adding invisible text. This makes the email appear clean to the email filter.
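An added example, not part of the original post: a Python check that a mail filter could run to flag the three tricks above (shortened links, image-only bodies, invisible text). The shortener list, the 20-character threshold, the finding names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed starter list, extend locally
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")
VOID = {"img", "br", "hr", "meta", "input", "link"}  # tags that never get a closing tag
SAMPLE = ("From: Billing <billing@example.test>\nContent-Type: text/html\n\n"  # constructed
          '<a href="https://bit.ly/EXAMPLE"><img src="cid:notice"></a>')

class BodyScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.visible, self.hidden = [], [], []
        self.images, self.zero_width = 0, False
        self.stack = []  # one bool per open element: does its style hide content?

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        self.images += tag == "img"
        if tag not in VOID:
            self.stack.append(bool(HIDDEN_CSS.search(a.get("style") or "")))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()  # assumes well-formed nesting

    def handle_data(self, data):
        self.zero_width |= bool(ZERO_WIDTH.search(data))
        text = ZERO_WIDTH.sub("", data).strip()
        if text:  # text inside any hiding ancestor is never shown to the reader
            (self.hidden if any(self.stack) else self.visible).append(text)

def scan_email(raw):
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    scan.feed(part.get_content() if part else "")
    scan.close()
    checks = {
        "shortened-link": any((urlparse(u).hostname or "").lower() in SHORTENERS for u in scan.links),
        "image-only-body": scan.images and len(" ".join(scan.visible)) < 20,  # assumed threshold
        "invisible-text": scan.hidden or scan.zero_width,
    }
    return [name for name, hit in checks.items() if hit]
```

Calling `scan_email(SAMPLE)` returns both `shortened-link` and `image-only-body`; a finding is a reason to look closer, not proof that the message is malicious.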

There is no single method to avoid phishing attacks, but following the tips in the “Tips with T” box can improve our awareness and stop us from being deceived.

Tips with T
– Click on the sender’s name to reveal the real sender’s email address
– Look for spelling / grammatical errors
– Don’t click on attachments
– If in doubt call the company to check if everything is in order

12 thoughts on ““ Never see the way I came, looking like a Phisherman ”

  1. Delving deeper into the techniques hackers use against us. I proper appreciate it bro. They almost had me a few times.
