Diving Deeper Into Phishing Scams

Written by Rachel Cooper

Graduating with a Bachelor of Business/Bachelor of Digital Media, and armed with a passion for research and writing, Rachel dived into the IT and cyber security space while growing her marketing career with All Covered Solutions on the Gold Coast.

12/10/2021

This all sounds a bit phishy, don’t you think? It’s Cybersecurity Awareness Month and we are taking you through everything you need to know to stay safe online and build cyber resilience for yourself and your business. With all kinds of scams on the rise since we found ourselves in these hard-to-believe times, it pays to be aware. 2021 does not need any more drama, thank you very much.

Let’s take a deep dive into what phishing scams look like, how to avoid them, and what to do if you have been caught.

Surface level: Phishing scams

Let’s start at the beginning: what is a phishing scam? According to the ACCC Scamwatch, phishing scams are “attempts by scammers to trick you into giving out personal information”. This information could include bank account or credit card details, passwords, or other personal details such as a birthdate that could be used to hack an account you own.

Attackers may gather this info by having the victim respond to their email or, more likely, click on a link to enter their details online. A common model of this type of cyberattack is for the scammer to set up a login screen that mimics a real one, such as the login page for your bank account or Microsoft account. They may tell you that your password is expiring or that you need to do something that requires you to first log in.

The victim then clicks the link in the phishing email, enters their details, and of course they are not logged in to the service they were expecting but have instead given their details straight to the cybercriminal.

There’s always a bigger fish: Let’s talk about spear phishing

Spear phishing is when the scam targets an individual within a business rather than a random mass audience. The scammer will use specific information relating to the business they obtained elsewhere to make the bait look like it has been sent from a trustworthy source.

For example, a spear phishing scammer might impersonate your boss using info they’ve obtained, such as an email signature or a similar email address, and hope you don’t think twice when you open it. These emails usually contain a fake critical matter, such as a legal issue or client complaint, to create a sense of urgency, in the hope that you will quickly click a dodgy link or reply with the details they asked for without taking time to consider whether it is real.

We made a pretend spear phishing email from a made-up company, “AirconAmerica”. Can you spot the error?

There are some obvious red flags in our example: the sense of urgency, the unusual request, and the fact that it seems to come out of the blue. However, at first glance the email looks legitimate, with correct grammar and an email signature. The one giveaway here is in the sender email address. Did you notice it? Often cybercriminals replace a letter with a similar-looking character. In this example, the message has come from “airconanerica.com”, replacing the ‘m’ with an ‘n’.

Off the hook: How to avoid getting caught

Always think twice about what enters your inbox. Ask yourself, “Is it out of the blue? Is it made to sound urgent?” If the answer is yes, it could be a phishing scam. Check the sender address – is it 100% correct? Look for small inconsistencies such as a ‘.com’ instead of ‘.com.au’ or a letter swap like the example above. Lastly, is the request unreasonable or beyond your normal duties? If the request seems a bit odd, chances are it may not have come from who it claims to be.
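The sender-address check described above can also be done by a script. The following is an added example, not part of the original article; the allow-list, the sample From: headers and the ‘.com.au’ variant of the made-up company's domain are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: the domain the made-up company really sends from.
TRUSTED_DOMAINS = {"airconamerica.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address in a From: header; the display name is ignored
    because the sender can set it to anything, including your boss's name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, trusted domain it resembles or None)."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # Same name, different ending ('.com' vs '.com.au'). Comparing the
        # first label is a simplification; it ignores subdomains.
        if domain.split(".")[0] == good.split(".")[0]:
            return ("lookalike-tld", good)
        # One or two characters off, like 'n' in place of 'm'.
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike-typo", good)
    return ("unknown", None)

if __name__ == "__main__":
    for header in ('"Jane Boss" <jane@airconanerica.com>',   # constructed
                   "accounts@airconamerica.com.au",          # constructed
                   "Jane Boss <jane@airconamerica.com>",
                   "newsletter@example.org"):
        print(header, "->", classify_sender(header))
```

A distance threshold of 2 suits a long domain like this one; for very short domains it would flag unrelated senders, so lower it to 1.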

It’s suspicious: Don’t take the bait

Do not respond, and don’t click any links or open any attachments. If you are suspicious of an email, you can start with one of two options. Contact the ‘sender’ directly in a way you can trust: if it appears to be from your boss, call your boss directly to ask if they did send it. Or ask your IT team to check it out – that could be us!

We live for cybersecurity at All Covered IT. If you need help with a phishing scam (or any cybercrime), you can contact our team. We can help you identify a scam and rectify the issue.

Riding the wave: Stay safe out there

You are now equipped with the knowledge to help you avoid falling victim to a phishing or spear phishing scam. The key takeaways are: always think twice, don’t respond to anything suspicious, and verify the sender or contact IT immediately. You have got what it takes to #BeCyberSmart.
