Sydney Outsourced IT Services Blog
6 Signs of a Potential Phishing Campaign
Cybercriminals use a technique called phishing to trick unsuspecting victims into opening an attachment. When you click on the attachment, the cybercriminal downloads malware onto your device that is designed to steal your personal information, bank account details, user names, and passwords. Imagine the impact on the Australian private sector when data like bank accounts, personal passwords, user names, and credit card details are stolen. Cybercriminals are getting so sophisticated in their phishing campaigns that it is becoming increasingly difficult to tell real emails from fake ones. The Australian Cyber Security Centre (ACSC) advises that there is an advanced and persistent threat from COVID-19-related phishing scams targeting Australian businesses.
Here are 6 signs your staff needs to know in order to spot a sophisticated phishing campaign.
The Email Address Looks Suspicious
A legitimate company usually has its own domain name as part of its email address. For instance, a genuine bank email would look like this – [email protected]. However, you can spot a phishing email address by alterations to the domain name and address – [email protected] – as you can see, the numbers 68 have been added to the address. When numbers and letters are added to an email address, this is a sure sign that it is a phishing email.
The Salutation Is Generic
Legitimate organizations know your personal details whereas a phishing email will use generic salutations like:
- Dear valued customer
- Dear account holder
- Dear customer
- Dear Sir/Madam
The Email Scares You
Beware of threatening or urgent language in the subject line and body of the message. The email is designed to make you panic with sentences like this:
- Unfortunately, the delivery of your order AB0045927 from Bunnings was canceled…. Please fill in this form and send back your reply!
- We regret to inform you your account with Westpac has been suspended because….. Please download the attached file to update your personal information.
- Your account will be deleted in 7 days so sign in here to reactivate your account.
- The attached information shows you where to get tested for COVID-19.
The Email Is Poorly Written
Genuine companies employ people who are fluent in English and know how to spell. Incorrect grammar and punctuation along with spelling mistakes are often an indication that the email isn’t genuine. For instance, “i am writing to inform you account have been suspended due to .. if we dont get your timely reply you will not receive your money backed.”
The Message Contains a Mismatched URL
A phishing message contains URLs in the hope that you will click on the hyperlinks. Often the URL in a message is mismatched: while it looks perfectly valid, if you look closely by hovering your mouse over the link, the address it actually points to is different from the URL displayed in the message.
The Message Asks for Personal Information
If an email asks for personal information, it is a bad sign even if the email appears to come from a legitimate entity. Reputable companies will never ask for your password, credit card, or user information; they already have this information.
The threat is real and applies not only to regular emails but also to other initiatives, such as the massive phishing campaign currently underway that uses Excel macros to hack into PCs. Make sure you train your staff on how to spot potential cyber threats so you and your employees don’t get caught up in a phishing campaign. Sydney Technology Solutions is here to help you with security awareness training and the steps you need to take to protect yourself and your employees from the fallout of sophisticated cyberattacks. Call us at 02-8212-4722 to ensure your email service is free from viruses, spam and malware.