Phishing for data
We’ve talked about this briefly before but it bears repeating.
When cybercriminals go phishing, they bait their line with a seemingly legitimate communication and hope to reel us in. The emails will use the branding of the relevant organisation and the phone calls will sound professional, but their ultimate aim is to direct you to a website that the criminal owns to collect your personal and/or financial information.
Let’s quickly look at two examples:
You receive an email from your bank saying there’s been some fraudulent activity on your account or that they’ve been hacked and you need to change your password. You need to log in on a special website to verify your details.
You receive a call from Microsoft technical support telling you that you have a virus. They will get you to access completely normal activity logs on your PC and use that data to convince you that you are infected. Again, you will be directed to a special website with the added twist of needing to make a payment to facilitate the cleansing of your PC.
What can you do?
If in any doubt, take no action based on emails or phone calls purporting to be from a financial institution, service provider or business. If it sounds feasible then get in touch with the company using the contact details that you know to be correct. If it’s legitimate, they won’t mind.
Regarding technical support cold calls (or indeed any cold call that’s asking personal questions), just hang up!
How can we help?
We can show you ways in which you can check to see if an email might be legitimate. We can also recommend security software that should prevent you from accessing phishing websites. Ultimately, the greatest defence is awareness and a healthy dose of scepticism! Please get in touch if you'd like some advice.