Phishing

Phishing is on the rise in South Wales. Phishing is the fraudulent attempt to obtain sensitive data, such as your username or password, by impersonating people or businesses you trust. It could be an email pretending to come from Tai Calon, but it could also be a text or instant message. Often there will be a link in the email you’ll be invited to click, that will take you to a fake website where you’ll be asked for your username or password details. With the increase in ransomware infections that are often instigated through phishing emails, being vigilant in detecting them is a critical step in protection. Here is a quick list for how to spot and handle a phishing email.

  1. Don’t trust the display name of who the email is from. 

    Just because it says it’s coming from a name of a person you know or trust doesn’t mean that it truly is. Be sure to look at the email address to confirm the true sender. If you are not sure, contact the individual or company separately to verify the email.

  2. Look but don’t click

    Hover your mouse over parts of the email without clicking on anything. If the alt text looks strange or doesn’t match what the link description says, don’t click on it-report it.

  3.  Check for spelling errors

    Attackers are often less concerned about spelling or being grammatically correct than a normal sender would be.

  4. Consider the salutation

    Is the address general or vague? Is the salutation to “valued customer” or “Dear [insert title here)?”

  5. Check the Email Signature

    Most legitimate senders will include a full signature block at the bottom of their emails.

  6. Beware of urgency

    These emails might try to make it sound as if there is some sort of emergency (e.g. the Board needs a money transfer, a Nigerian prince is in trouble, or someone only needs £100 so they can claim their £1 million reward).

  7. Is the email asking for personal information?

    Legitimate companies are unlikely to ask for personal information in an email.

  8. Be careful with attachments

    Attackers like to trick you with a really juicy attachment. It might have a really long name. It might be a fake icon of Microsoft Excel that isn’t actually the spreadsheet you think it is.