Can you spot a phishing email?

There has been a significant increase in the number of malicious emails evading spam filters and reaching our inboxes. Much of this mail is targeted, made to look legitimate and worded to create a sense of urgency, in the hope that you won’t stop and think.

A new security quiz helps you spot fake messages. It has been created by Jigsaw, a subsidiary of Google, who say: “We’ve studied the latest techniques attackers use and designed the quiz to teach people how to spot them.”

We’ve heard about data breaches from well-known firms – Amazon, British Airways, Equifax, Facebook, Google+, Marriott, T-Mobile, Uber. What happens when your data gets into the wrong hands?

Put simply, attackers will use that data to try to get hold of your money. They know your contact details and which companies you expect to hear from. If they don't already have your password, they will send you a spoof ‘phishing’ email, which may contain an attachment that downloads malware to your computer or a link that invites you to log in to an account and hand over even more of your personal data.

Types of Email Scams

Credential Phishing – bulk emails posing as well-known brands (Apple, Microsoft etc.) that contain a link to a fake sign-in page designed to steal your username, password or credit card details.

Spear Phishing – targeted attacks, using gathered information, that pretend to be from a colleague or business partner. The attacker will make the email look genuine – showing the sender’s real email address. It may even be sent from their actual email account, the result of a successful phishing attack.

Clone Phishing – an almost identical copy of a previous legitimate email, sometimes sent as a reply or forward, from a trusted contact but containing a malicious link or attachment.

Security software can protect you from known threats and watch for suspicious behaviour but the best defence is to be wary yourself. Take these precautions:

  • Question the validity of unexpected emails.
  • Use different passwords for different sites – make them stronger by using numbers and symbols.
  • Change your password if you hear even a hint of a data breach.
  • Where available, use 2FA (two-factor authentication, a form of multi-factor authentication) so you are not reliant on just your email address and password to log in to a site.

Encourage your colleagues, friends and family to take Google’s Phishing Quiz – the fewer people who click on these dodgy links, the less chance there is of their infected computers trying to breach yours.