Spear Phishing

Don’t open the door to hackers

by Jennifer Kennedy.

Phishing uses fraudulent emails, texts and phone calls to obtain personal and financial information (such as account details and passwords) or to trick people into performing an action (such as authorising a payment). These attempts are becoming increasingly professional and try to appear genuine by mimicking the look and brand of companies or organisations to gain trust.

Fraudsters often invest a lot of time and effort in trying to hack the accounts of people who have access to budgets or personal, sensitive or confidential information. Targeted attacks are known as ‘spear phishing’, and phishing high-value targets in an organisation is known as ‘whaling’.

This video (courtesy of one of our suppliers, Cisco) gives an insight into how a hacker might think and act.

There are several ways to spot phishing emails:

  • Be suspicious of any urgent requests for personal or financial information.
  • Be wary of attempts to make you take immediate action around financial payments, transfers or authorisations.
  • Check the quality of the communications. Misspelling, poor punctuation and bad grammar are often tell-tale signs of phishing
  • Check hyperlinks and email addresses by hovering over them to show where they lead. If they aren’t genuine, they will often be peculiar web or email addresses.

How can you protect yourself?

  • Always ensure you are using a secure webpage when submitting credit card or other sensitive information. Secure web addresses begin with ‘https://’ and/or show a security lock.
  • Do not give out personal information in response to an unsolicited email, phone call or text.
  • Be sure you are going to the correct site by typing in the address yourself.
  • If in doubt, call the company or individual which the email claims to be from. They will usually be able to confirm whether the communication is genuine or not.
  • If you think one of your accounts has been compromised, you should change your password immediately.

If you’ve responded in the past to one or more phishing emails, be aware that you may be the target of further, more sophisticated attacks via email or phone.

If you have clicked on a suspicious link or opened an attachment, suspect you have a virus or have any other IT Security concerns, please contact IT Help.

For more advice about dealing with suspicious emails, visit the University’s IT Help pages.

You might find this Lynda.com playlist on Cybersecurity useful too.