By: SBS Cybersecurity

Phishing– unfortunately not the fun activity you do at the lake. However, it does include a hook and bait.

Phishing is a cybercrime in which someone attempts to acquire confidential information by impersonating as a trustworthy institution or person. Such confidential information includes banking/ credit card details, passwords and anything else that could result in identity theft and financial loss.

There are many ways the attackers like to bait you: malicious links, email spoofing (hacked email account like the original one), urgent subjects, identity forgery etc.

Fear not, there are some tips that can help you avoid getting hooked. A crucial step is asking the Three W’s- Who, What and Why. When receiving an email, below are questions you should consider.

Who:

• Do I know this sender?
• Is this someone I communicate with often?
• Is this email sent to an odd group of people?
• Is the email address spelled correctly?
• Does the email address match the email in the signature?

 

What:

• What action does the sender want me to take?
• Does the email contain bad grammar, or typos?
• Is it an urgent request?
• Is the email written in a style consistent with the sender?
• Is the action something you would expect from the sender?

 

Why:

• Why do they want me to click on a link, download an attachment, or send information?
• Are they presenting a sense of urgency?
• Is there a consequence being threatened if no action is taken?
• Is the situation unusual?

 

Alas, attackers can be very good at their job and by asking those questions you can still have doubts. The next thing to do is verify the email. This is where you contact the sender via phone, internal chat software, or in-person conversation. They will let you know if it came from them or if you have been baited. Overall, do not reply to the suspicious email asking for verification.

Stay safe and be aware. People like to phish, but they can’t if you aren’t easy to bait.