Episode #5 of the course Cyber security basics by FutureLearn
Phishing is a method used by cybercriminals to obtain valuable personal details, such as usernames and passwords. Phishing communications can arrive as emails, letters, instant messages, or text messages, and they appear to be authentic communications from legitimate organizations. Often, you’ll be sent a link and encouraged to log in to the organization’s website using your username and password, but the page the link takes you to, while it may appear genuine, is a hoax web page designed to steal your personal details. Phishing emails are usually sent to a huge number of randomly generated addresses, but by clicking on embedded links, you may in fact be verifying your email address, which might make you the target of further phishing emails.
In some cases, cybercriminals will go to great lengths to make sure the communications you receive appear just like those of the organization they are impersonating, using the same logos, color schemes, and design. The email address that appears in the “From” field of a phishing email may even appear legitimate, but there is no guarantee that the email came from the person or organization that it claims to have originated from.
However, there are often some giveaway signs of phishing, and there are ways you can protect yourself from becoming a target. Cybercriminals are unlikely to know your real name, so the message may address you in vague terms, such as “Dear Valued Customer.” Also, look out for spelling and grammatical errors and poor image quality in any logos, which would never appear in legitimate business communications. Always ensure that the email is from a trusted source and that you are subscribed to, or a customer of, the particular service (though be mindful that even this isn’t fail-safe). Keep in mind that banks, retailers, and most other businesses will never contact customers by email or other online communication to request passwords or other sensitive information.
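Two of the signs described above can be checked mechanically: a link whose visible text names one site while it opens another, and a generic greeting. The Python sketch below is an added example, not part of the original lesson; the sample message, its domains, and the function and class names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message (not a real email); all domains are reserved example names.
SAMPLE = """\
From: "Example Bank" <support@bank.example>
Content-Type: text/html; charset="utf-8"

<p>Dear Valued Customer,</p>
<p>Please log in at <a href="http://login.bank-example.invalid/verify">www.bank.example</a>.</p>
<p>See our <a href="https://www.bank.example/help">help page</a>.</p>
"""

GENERIC_GREETING = re.compile(r"dear\s+(valued\s+)?(customer|user|member|client)", re.I)
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(value):  # host name in link text, or None if the text is not host-like
    m = HOSTLIKE.match(value.strip())
    return m.group(1).lower().removeprefix("www.") if m else None

def phishing_signs(raw):
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    signs = ["generic greeting"] if GENERIC_GREETING.search(body) else []
    parser = LinkCollector()
    parser.feed(body)
    for text, href in parser.links:  # compare what the link shows with where it goes
        shown, actual = host(text), (urlparse(href).hostname or "").lower().removeprefix("www.")
        if shown and shown != actual:
            signs.append(f"link shows {shown} but opens {actual}")
    return signs
```

The “From” header is deliberately not used as evidence here, since the sender shown is no guarantee of where the message came from.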
If you receive a suspicious message that claims to be from a legitimate company and requests personal details, speak to the company directly to confirm that the message is genuine, using a contact number for the organization that you have sourced from a reputable place elsewhere. If you do come across a phishing email (and the vast majority of us will, at some point), mark the message as spam and delete it. This will ensure the message will be blocked from reaching your inbox in the future.