12 June 2017
According to the PwC Global State of Information Security Survey 2017, phishing is the most pervasive cybersecurity and privacy threat faced by organisations globally, including in Singapore.
A phishing email attempts to fraudulently acquire sensitive information, such as your account numbers and passwords, by posing as a legitimate individual, company or organisation. Phishing emails can appear in various forms. Some carry attachments with harmless-looking subjects such as “Urgent: Minutes of Meeting”, enticing recipients to open an attachment that is actually malicious, while others use shortened URLs as hyperlinks, making it hard for the recipient to tell where they lead. In this way they trick recipients into visiting malicious websites. Phishing has also begun to appear on social media sites, as attackers take advantage of the inherent willingness of users to trust messages or links sent by their friends.
Below is an example of a phishing email. Can you spot the tell-tale signs?
Firstly, the sender’s name and email address are inconsistent. You can verify the company’s email address easily by doing a search on the Internet and referring to the company’s official website. Secondly, a suspicious URL is displayed when the user hovers the mouse over the link.
Tell-tale signs of phishing emails
- Threats of dire consequences for not responding
- Unsolicited requests for sensitive information
- Promises of attractive rewards for replying or clicking on the URL
- Different URL displayed when you hover your mouse over links in the email
- Requests to open file attachments (e.g. .exe, .zip file types)
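Three of the signs above (sender name and address that do not agree, link text that differs from the link target, and .exe/.zip attachments) can also be checked automatically. The Python below is an added example, not part of the original article; the `official` mapping, "Example Bank" and every domain in it are constructed placeholders.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".zip")  # attachment types named in the list above
URL_TEXT = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def tell_tale_signs(msg, official):  # official: company name -> its real domain
    found = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    for company, good in official.items():
        if company.lower() in name.lower() and domain != good and not domain.endswith("." + good):
            found.append(("sender-mismatch", f"{name} <{addr}>"))
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            found.append(("risky-attachment", part.get_filename()))
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                # Only compare when the visible text itself looks like a URL.
                if URL_TEXT.match(text.strip()) and host(text.strip()) != host(href):
                    found.append(("link-mismatch", f"shows {text.strip()}, goes to {href}"))
    return found

def build_message(sender, html, attachment=None):  # constructed sample input
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Urgent: Minutes of Meeting"
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename=attachment)
    return m
```

A link whose visible text is ordinary wording such as "Click here" is not flagged by the link check, so hovering over the link remains necessary for those.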
Phishing attackers often take advantage of current events and certain times of the year, such as:
- Natural disasters
- Epidemics and health scares
- Economic concerns
- Major political elections
- Death of prominent figures
Catch a Phish: Take a Quiz - http://www.washingtonpost.com/wp-srv/technology/articles/phishingtest.html