Liquid Link Logo

Focus on phishing – don’t get caught on the hook

What’s another name for a hacker who uses phishing to trick email recipients? A prawn-artist. Boom! Seriously though, phishing is no laughing matter and can cost you dearly if your sensitive personal data ends up in the wrong hands. Here we look at the practice and the warning signs to look out for which suggest that an email may not be genuine.

What is phishing?

It’s got nothing to with fins or scales (or dating websites for that matter) - phishing is the term used for the fraudulent practice of luring people to websites they wouldn’t normally use. It is typically carried out by unsolicited email or instant message in an app or social media platform. The goal is to direct the user to a fake website, often in a bid to get them to enter personal details. Communications can appear to be from banks, retailers or service providers and have the look and feel of the real thing, the only difference is the website you are pointed towards.

Don’t get caught on the hook - the warning signs

The phishing techniques used by hackers are becoming ever-more sophisticated, making them all the more easy to fall for. Most of us would see right through a communication from a Nigerian prince, promising a share in his fortune if you would just part with your bank details. But what about a very official and legitimate-looking email purporting to be from your bank or a trusted service-provider? Harder to spot unless you are paying close attention. So here are some of the warning signs to look out for: #1 - Asking for personal information Financial institutions, reputable online retailers and service providers (including Liquid Friday) do not email or message their customers asking for personal information or information which they should already hold. Here is an example of a phishing email sent to DHL customers to trick them into entering their personal details on a fake website. [caption id="attachment_2215" align="aligncenter" width="991"]phishing example Image credit to Comodo[/caption] #2 - Badly written emails or threatening language Read emails and messages carefully. Phishing emails frequently contain spelling or grammatical errors which professional companies would (hopefully!) never make in their communications. Likewise be alert to scare-mongering language which threatens repercussions if you do not take the actions they are asking you to, such as deactivating your account or cutting off your service. #3 - Hidden or misleading links One of the hallmarks of a phishing attack is a link directing you to somewhere other than where it claims to. Hover over links before you click on them. Be aware that some URLs might look valid at first glance but use a different domain (.net instead of .com for example) or try to catch you out with a slight variation in spelling. Also look out for shortened URLs. Scammers can use services such as bit.ly, to shorten long URLs which further disguises the link’s destination. #4 - Dodgy-looking attachments A relatively new phishing trick is to bypass spam filters by placing the text of an email and fraudulent links in a file attachment, such as a PDF document, rather than in the body of the message. Files may also contain malware, so only click on attachments which you are completely sure about. #5 - The sender’s email address Have a look at this email claiming to be from Amazon. At first glance it looks legit. Now look at the sender’s address in the email header - it in no way matches the name or the domain it is allegedly from. “noreply@amazon.com” [caption id="attachment_2216" align="aligncenter" width="724"]phishing example Image credit to Heidmal Security[/caption]

What do you if you’ve been phished

If you have a hunch that you’ve received a phishing email or message, do not reply to it, download any attachments or click on any links within it. Just ignoring such emails helps the cyber-scammers to get away with it. Always report it directly to the organisation it claims to be from, but don’t use the contact information in the phishing message. If you do get caught out, immediately change your passwords for the accounts involved and contact the company in question.

No phishing!

At Liquid Friday we take our security and that of our contractors and agency partners very seriously. We will never ask you to provide or verify personal details by email, text message or through social media. If you receive any suspicious communication purporting to be from Liquid Friday, contact us straight away. Do not reply to the message, click on any links or download any attachments. While we are on about cyber security, you should also change your Liquid Friday portal password regularly to keep your account safe and secure. Here’s a screenshot to show you how: Liquid Friday portal

A final word of advice

Our final tip to avoid falling for a phishing attempt is to go with your instinct. If something doesn’t feel quite right, don’t risk it - report it.