How to avoid getting caught by phishing emails

By Miles Reucroft
29-Jun-2017 10:12:43

Fishing may be seen as an idyllic activity to be enjoyed at leisure, especially in the heat that we have recently been enjoying, but its phonetically identical cousin, phishing, is leaving us all in real danger of being caught on indiscriminate hooks.

Much like its traditional namesake, phishing comes in many forms, from highly targeted, carefully baited lines to simply throwing out a huge net and trawling for the slowest movers.

We have, in all likelihood, seen phishing in action on our own email servers. It is hardly a new-fangled concept, but its techniques are evolving and it is becoming an increasingly sophisticated con. The days when you received an email telling you that you’d won the lottery in some far-flung corner of the globe are, by and large, gone. You might still receive the odd email claiming to be from a rich benefactor who promises to send you millions of pounds if only you can stump up their duty tax upfront to help them release the funds.

These approaches are old hat, but have been successful. They played on a very real human emotion and weakness – greed. Could you really get £5million for just transferring someone a few hundred?

They then moved on to play on another human weakness – sympathy. The emails would detail a story of pain and injustice that you could play a central role in relieving.

This is the recurring theme: emotion.

The evolution of phishing leads us to where we are today. We face an increasingly confusing time deciphering the genuine from the fake, much like wider society. What is real? What is phony?

Scammers today can pose as someone you know, or as a brand that you trust. Would you ignore a seemingly personalised email from your CEO? Such approaches seek to exploit any gaps in your working relationships. If employees work in a draconian, disciplinarian atmosphere, they are far less likely to question the validity of any email from their bosses.

Phishing, as ever, is a numbers game. The success rate is low, but it is easy for scammers to produce emails in huge volume. You might be confident in spotting a spurious approach, but what about your colleagues? Techniques are so sophisticated that anyone can be caught unawares – it only takes one moment of weakness; one minor mistake in opening an email.

So, how can you spot phishing emails? Furthermore, what can you do if you fall foul of such an approach? As ever, having a plan in place and seeking to rectify any errors as soon as possible is the best way forward.

Intelliflo and NCC Group have recently produced a paper on phishing, "How to protect yourself and your organisation from phishing attacks". It is designed to help you to identify malicious emails, implement best practices and deal with any successful phishing emails in your personal and professional life.

That’s the thing with phishing: it’s an indiscriminate and omnipresent email threat. How are you dealing with it? You can download the paper here.