A Christmas message of warning, but don’t panic!
At this time of year, we all need to be extra vigilant as digital attackers look to exploit the increase in email traffic, especially from courier and other delivery companies. This method, known as “Spear Phishing”, is a form of direct email masquerading as a legitimate email.
At this time of year, it’s pretty normal to receive frequent ‘tracking’ emails, to advise your package has been dispatched, and it is this that digital attackers rely on.
Tips to help you identify a ‘spear phishing’ email One of the main features of a phishing email is to create a sense of urgency, with the intention of putting the recipient under pressure to respond to the email quickly, without fully reading or checking its legitimacy. This, combined with the usual seasonal pressures of ordering and receiving Christmas gifts on time can mean that mistakes are easily be made.
A typical email subject: “Urgent action: payment declined”. With most of us having purchased items online at this time of year, together with increased spending, this is an attention-grabbing and worrisome email to receive, and one that is likely to cause concern and lead to the recipient to investigate further.
This falls within the domain of “Spear Phishing”, as it is a targeted attack using the increased volume of online purchases.
As a simple precaution, before opening an email, ‘hover’ your mouse over (or on mobile devices, hold your finger on, but not click) the sender’s name. This should show the email sender. If it is a name you’re not expecting to see, and is either vague or random, it is most likely a fraudulent email.
Other types of phishing methods
There are many other phishing methods which attempt to get users to divulge sensitive information.
· Both ‘email phishing’ and ‘generic fraudulent email’, may appear to come from a known contact or company.
· Vishing, or voice phishing, occurs when a caller may call repeatedly, and on each occasion, glean some information to gain more and more legitimacy.
· QRishing or fraudulent QR code. Take for example attending an event or visiting a public cafe. Many of these venues offer WiFi services or other information via a QR code to be scanned, but a fraudulent QR code can direct you to a fake website or download.
Unfortunately, there are many more.
We would encourage all users to be alert to the possibility of phishing activity and have I.T. security at front of mind, particularly at this time of year.
We hope this snippet has been useful. If you would like more information on phishing or any other I.T. related matter, please contact our Team at solutions@datcom.co.uk
At Datcom we put I.T. security at the forefront of our services. We are also a Community Ambassador for the East Midlands Cyber Resilience Centre