First and foremost, how the heck do you say ‘phishing‘? Well, it’s pronounced the same as ‘fishing’, and yes, it is also an act of fishing, but instead of catching fish, it is your data and sensitive information that are targeted.

What is Phishing? Fishing?

Phishing is a type of social engineering attack in which the attackers attempt to steal user data, login credentials, credit card details and/or any other sensitive data. Phishing occurs when an attacker pretends to be someone they are not, usually borrowing a renowned name or brand to attract you. Their objective is to get you to open an email, instant message or text message and eventually trick you into clicking a malicious link, which can lead to the installation of malware, the freezing of a system as part of a ransomware attack, or the disclosure of sensitive information.

Phishing is not only common, it is also the most damaging and high-profile cybersecurity threat facing enterprises today, as supported by research from Google, Black Hat, and US Homeland Security.

How To Tell If You Might Be Phished?

1. Getting A Request To Send Sensitive Information Over Email

When you receive an unsolicited email from an institution asking for your details by requesting that you click a link or open an attachment, it is highly likely a scam! Companies will not send you an email asking for your passwords, credit card information or tax details, nor send you an unknown link or attachment to log in to or download.

2. Email Doesn’t Address You By Name

Most, if not all, phishing emails do not address you by name but use generic salutations such as “Dear customer”, “Dear account holder” or “Dear valued member”. If it is a legitimate company, and one that you have been dealing with, its correspondence will address you by name and will most probably direct you to contact it by phone.

3. Email Sender Didn’t Use Business Domain Name as Part of Their Email Address

Besides going through the content of the email properly, it is important to check the domain used to send that particular email. You can check the sender’s email address by hovering your mouse over “From” to see the full address. Make sure that no alterations (such as additional numbers or letters) have been made to a known company or brand name. A clear example is the difference between the following two email addresses:
support@maybank2u.com.my
support@maybank2u123.com.my

Do note that this isn’t a foolproof method. You may also come across companies that use unique or varied domains to send emails, and there will be occasions where smaller companies use third-party email providers. So it is important to get to know the companies you have engagements with, and to read through your emails in detail before taking any action.


Prevention

The best remedy is prevention. Stay safe from phishing by following this guidance:

  • Don’t click on suspicious links
  • Don’t enter your credit card information into unknown or untrusted services
  • If a link directs you to your banking website, open up your banking site in a separate window by typing the name in manually
  • Don’t fall for obvious scams that claim you’ve won a prize
  • Check the address bar for suspicious or copycat URLs, for example, my.apple.pay.com
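The domain check from point 3 and the address-bar check above can be automated. The following is an added example, not code from the original post: it pulls the hostname out of a sender address or URL, reduces it to the registrable domain, and flags it when a brand keyword appears but the registrable domain is not the one the brand really uses. The trusted-domain map and the short public-suffix list are constructed for this illustration; a real deployment would use the full Public Suffix List.

```python
from urllib.parse import urlparse

# Constructed allowlist: brand keyword -> the registrable domain it really uses.
TRUSTED = {
    "maybank": "maybank2u.com.my",
    "apple": "apple.com",
}

# Constructed subset of multi-label public suffixes; anything else is treated
# as a one-label TLD such as .com or .org.
MULTI_LABEL_SUFFIXES = {"com.my", "co.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the part of a hostname that someone can actually register.

    my.apple.pay.com -> pay.com ; mail.maybank2u123.com.my -> maybank2u123.com.my
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def host_of(value: str) -> str:
    """Extract the hostname from an email address (with or without a display
    name, e.g. '"Support" <x@y.com>') or from a URL."""
    if "@" in value:
        return value.rsplit("@", 1)[1].strip().rstrip(">")
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""


def check_sender(value: str) -> str:
    """Classify as 'trusted', 'lookalike' or 'unknown'.

    'lookalike' means a brand keyword appears somewhere in the hostname, but
    the registrable domain is not the brand's own: extra characters added to
    the name (maybank2u123.com.my) or the brand used only as a subdomain of
    an unrelated domain (my.apple.pay.com is really pay.com).
    'unknown' covers domains with no brand keyword at all, e.g. a small
    company sending through a third-party provider, which this check cannot
    judge and which a human must still read carefully.
    """
    host = host_of(value)
    reg = registrable_domain(host)
    for brand, legit in TRUSTED.items():
        if reg == legit:
            return "trusted"
        if brand in host:
            return "lookalike"
    return "unknown"
```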

No matter how hard you try to educate yourself and your team, it is inevitable that some attempts will slip through the net. To stay ahead of the attacker, it is imperative to have a security solution in place that can intercept traffic to phishing sites, stopping the threat at its source.