As we noted in a previous post, the festive period sees a rise in cyber attacks. Unfortunately this week, one of these came in the form of a fraudulent ‘phishing’ email, posing as UKFast. Al, the newest member of the comms team, takes a look at what phishing is and how we can tackle it.
What is ‘phishing’?
If you’re unfamiliar with ‘Phishing’, the name is a metaphor for one of the tactics which a cyber attacker uses to gain access to you and your stuff. They’ll pose as a trusted company and create a fake email that looks exactly like the design of an authentic email, in an attempt to snatch your personal details, or to infect your computer. Just like actual fishing, ‘phishing’ is about creating bait which looks and acts just like the real thing.
The reason ‘phishing’ is spelt with a ‘ph’ isn’t clear. It could be that the tactic was started by a group of people known as ‘phone phreaks’ who used the same technique, but with phone calls. It could also be that this spelling avoided detection online in the early days. Or, it might just be that it was a cool way of spelling things in the 90’s (think cringe-worthy 90’s phrases like ‘phresh’ and ‘phat’).
Phishing at UKFast
Recently, one of these phishing emails was sent out with a UKFast signature, and included an infected Word document.
This email was not the result of a breach or hack and was not sent from UKFast. This email was sent to thousands of people, some of whom inevitably are our customers. Please be aware that we never send .zip files or Word docs in our accounts emails, and we have SPF records in place, so (dependent on your email service provider) it may have already been caught by your spam filter.
Of course, the first thing we do when we hear of these fraudulent emails is to let our customers know.
How to spot a phishing email
There are already lots of steps in place to protect you from having to identify spam and phishing emails yourself. Modern email clients will put most of these straight in your Junk folder, so you’re already protected. Inevitably though, a phishing email might slip through these safeguards and end up in your inbox.
When you suspect an email might not be all it appears, or you are requested to provide any kind of sensitive information, take a note of these tell-tale signs of phishing:
- A lack of personal details
Legitimate companies have your name and title on file. They will tend to use your name in the email as an extra identifier. Fraudsters don’t have this email and will use ‘Dear Sir/Madam’, or avoid an introduction altogether.
- Unusual content
Would you normally receive this content from this source? If you’re not usually on the receiving end of an invoice from the sending company, it could be a phishing email. If you’re not expecting an attachment from someone, it is often best not to risk it – especially if that is a Word doc or ZIP file. Are you even a client of the company you’re receiving an invoice from?
- Misspellings or incorrect details
Phishing emails are guessing the best way to trick you into clicking the attachment. Although they are becoming increasingly sophisticated, there are occasions where key details will be misspelled or information will not be quite correct like URLs that don’t match. If something doesn’t ring true, perhaps that’s because it isn’t.
What to do if you think you have received a phishing email
- Put it in your junk folder
Don’t click any links, don’t open any attachments, and don’t sign in. It’s all hands off deck! If you’re unsure about the legitimacy of an email which looks urgent and requires a response, you can get in contact with the company via a phone call to authenticate it. Most companies don’t rely solely on email correspondence for important issues, and will either send another email or call you directly to follow up. Delete and ignore!
- Run anti-virus software
Maybe it’s too late, and you’ve already clicked on a link or downloaded an attachment. If that’s the case, then it’s time to run your favourite anti-virus software.
Find out more about our security solutions and how UKFast helps our clients to protect themselves from these type of vulnerabilities.