We’ve talked a lot about phishing. How to spot the signs, how it can affect your business, how easy it is to do. But it’s still this scary term that needs its villainous cloak removing. Things are always less worrying when you know what they look like. In this blog we thought we would show you some phishing emails and explain what is going on.
For a quick recap, phishing is where you receive an email from what appears to be a trusted source, maybe your bank or a courier provider, asking you for personal information. They may do this by asking you to update your details or reset your password. In this event you would be taken to a website masquerading as the original, where you would provide your details and make yourself financially vulnerable. For example, you may click a link to reset your password at Lloyds Bank. You provide your old password to be able to get a new password. The person who sent the phishing email now has the password to your bank account, which you haven’t actually changed.
Instant Bank Transfers
Our first example is a targeted phishing email, also known as spear phishing. For a little background information, Carole works in ACUTEC’s Finance office and Chris Roche is ACUTEC’s Managing Director. We don’t mind telling you this because it’s easy to find on Google, so we’re not making ourselves vulnerable by revealing that information. In this instance, Carole has received an email from what seems to be Chris asking her to make a bank transfer. There are several things wrong with this email. The first is that it says Christopher, and anyone who receives emails from Chris knows that he is Chris and not Christopher. The second is that the email address the message has come from, firstname.lastname@example.org, is not Chris’s email address.
The other thing to look out for with a phishing email is the tone. If it seems odd you should question it. Carole would question this email because there is no context and it’s not how Chris would normally communicate. He would never send ‘kind regards’ in an internal email.
The below email is similar in some ways to the first, although there are differences. Here the correct name and email address are being used, so it’s less easy to spot. You would need to be very aware of the tone and context of the email and review whether it seems strange to you. The giveaway in this email for Carole was the ‘Sent from my iPhone’, as Chris has never owned one.
HM Revenue & Customs
The below screenshot is of a less targeted phishing campaign. It’s not pretending to be someone you know but it is pretending to be a trusted source, in this case HM Revenue & Customs. The format appears the same as a genuine email. Again, the sender’s email address does not seem genuine, and if you hover your mouse over the link in the original email you can see it would take you to an unfamiliar website.
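The two checks described so far (a familiar name on an unfamiliar address, and a link that leads somewhere unfamiliar) can also be run automatically. The following is an added example, not part of the original post: the staff directory, the company.example domain, the link allow-list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed directory: names staff are known by -> their real address.
STAFF = {"chris roche": "chris.roche@company.example",
         "christopher roche": "chris.roche@company.example"}
TRUSTED_LINK_DOMAINS = ("gov.uk", "company.example")  # assumed allow-list

class LinkHosts(HTMLParser):
    """Collect the host of every <a href>, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LINK_DOMAINS)

def check_email(raw):
    """Return a list of warning strings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    warnings = []
    # Check 1: display name claims a known person, address is not theirs.
    real = STAFF.get(" ".join(name.lower().split()))
    if real and addr.lower() != real:
        warnings.append(f"display name '{name}' does not match address {addr}")
    # Check 2: link targets outside the allow-list, whatever the visible text says.
    parser = LinkHosts()
    parser.feed("".join(p.get_payload() for p in msg.walk() if not p.is_multipart()))
    for host in parser.hosts:
        if not trusted(host):
            warnings.append(f"link points to unfamiliar host {host}")
    return warnings

# Constructed sample messages (not the emails shown in the original post).
SPEAR = ("From: Christopher Roche <firstname.lastname@example.org>\n"
         "To: carole@company.example\nSubject: Transfer\n\n"
         "Can you make a bank transfer today? Kind regards")
HMRC = ('From: "HM Revenue & Customs" <refunds@tax-refund.example>\n'
        "Subject: Tax refund\nContent-Type: text/html\n\n"
        '<a href="http://tax-refund.example/claim">www.gov.uk/claim</a>')
```

Neither check fires when the correct name and address are used, as in the second bank transfer email, so tone and context still have to be judged by the reader.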
Some emails you will just immediately junk without it even registering that they are a phishing email. In the below email the individual has stated that you are the beneficiary of a considerable sum of money. For you to gain this money you will need to provide personal information and a smaller sum to gain access. Obviously, there is no bountiful inheritance waiting for you when you pay.
We have received a few emails masquerading as Apple. In the case below it says that the Apple ID has been frozen and information needs verifying. You need to think when you receive an email like this from certain providers. Is your work email address linked to an Apple account? Is it linked to Amazon? If not then the likelihood is that you have received a fraudulent email and you can just hit delete straight away.
If you have any questions about phishing emails and your business don’t hesitate to get in touch. Call 01675 469020 or email email@example.com.