What is phishing? And how can you avoid it?

Phishing is a type of online fraud in which cyber criminals send emails or instant messages pretending to be from a reputable company or person, in an attempt to access sensitive information, such as login credentials or account details.

Things have evolved since the days of emails promising jackpot payouts on the Nigerian lottery, and phishing emails generally come in the form of an official-looking correspondence from your bank or an organisation like PayPal.

And this increased level of sophistication brings with it an increased level of threat – even just clicking a link within an email can deliver malware to your system that can access any sensitive data you have stored on your hard drive.

How to spot a phishing attack

Most phishing emails will look genuine at first glance, and will often instill a sense of panic in you to encourage you to click the link – this could be news that your login details need updating, or even that a suspicious payment has been made using your account.

But upon closer inspection, they often contain bad spelling or grammar, and a real telltale sign they are fake is that any links they contain will often point to an address different to the one displayed in the message.

It’s also worth checking where the email has actually come from by clicking on the sender’s address. Although the name may appear to be from an official source – @paypal.com, for instance – the address the email has actually been sent from won’t be from that source.

Never click on any links in the email – this can be enough to let the hackers into your system.
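The two checks described above (link text versus the real link target, and sender name versus the real sending address) can be automated by a mail filter or a reporting tool. The Python below is an added example, not part of the original article; the sample message, the account-check.example domain and the helper names are constructed for illustration, and the domain comparison is a simple heuristic.

```python
import email.utils
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain in it is a placeholder.
SAMPLE = """\
From: "service@paypal.com" <billing@account-check.example>
Subject: Suspicious payment on your account

<a href="http://login.account-check.example/verify">https://www.paypal.com/signin</a>
<a href="https://www.paypal.com/help">www.paypal.com/help</a>
"""
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)  # e.g. www.example.com

def shown_domain(text):
    m = DOMAIN_RE.search(text)
    return m.group(1).lower() if m else None

def same_site(a, b):
    # Heuristic: equal, or one is a subdomain of the other (no Public Suffix List lookup).
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkCollector(HTMLParser):  # records [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def check_message(raw):
    # Compare what the reader is shown with the real sender domain and link targets.
    msg, links, findings = email.message_from_string(raw), LinkCollector(), []
    links.feed(msg.get_payload())
    name, addr = email.utils.parseaddr(msg["From"])
    pairs = [("sender", name, addr.rpartition("@")[2])]
    pairs += [("link", text, urlparse(href).hostname or "") for href, text in links.links]
    for kind, shown, actual in pairs:
        claimed, actual = shown_domain(shown), actual.lower()
        if claimed and not same_site(claimed, actual):
            findings.append((kind, claimed, actual))
    return findings
```

Calling `check_message(SAMPLE)` flags the sender and the first link, while the second link, whose text and target agree, passes.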

How much do phishing attacks cost the UK?

Annual fraud losses in the UK could amount to £193 billion, and fraud is one of the biggest criminal threats affecting UK business, according to research compiled by the University of Portsmouth for the 2016 Annual Fraud Indicator report.

And email phishing accounted for over three-quarters (77%) of all reported incidents, almost a third (29%) of which were found to contain a potentially malicious link that could deliver malware directly to the user’s computer or request personal details.

What to do if you suspect a phishing attack

The infographic below is from Sharefile, the business file transfer and sharing service from Citrix, and outlines how to spot a phishing attack, and what to do if you suspect one.

Have you ever fallen foul of a phishing attack? Share your experience with our community in the comments section…

Image from Pablo by Buffer.