SPOT THE SCAM
How to Identify Phishing at the workplace
Phishing attacks are becoming more common. Through Phishing, hackers can use stolen credentials to log into work or other accounts, gaining access to data or money.
Phishing is a Social Engineering tactic in which attackers persuade victims to click on links or open emails or attachments, which helps hackers gain access to confidential information or infect devices with malware.
Different types of Phishing attacks on the job
Companies and organisations are also exposed to Phishing attempts. However, smaller companies are at greater risk, as they have fewer resources to prevent cybersecurity attacks.
Fake messages from your superior
An urgent request sent directly by the CEO or any other high-ranking executive at the company via email or text to employees can be fake.
The attacker uses more targeted language in the text or email. The wording is usually relevant to the industry of that organisation, thus making the attack more effective. This specific targeting is called Spear-Phishing.
Spear Phishing emails might include reference to other employees or executives at the victim’s workplace. Sometimes they even include the user’s name, location or personal information in the email.
Scam Tech Support Messages
Some attackers might attempt to impersonate IT support staff. The intent behind this attack is to get the target to hand over their credentials to important company accounts.
The user usually receives an email saying their account has been hacked. The user will then click on a link in the email to reset their password.
The links will take the user to fake sites that do not match the company name or the name of the software hacked.
Phoney Contact Requests
When you receive a fake LinkedIn request through email, the link attached in that email will go to a fake site that can inject malware or ask for your credentials. Sometimes people are so excited when they receive a request, they think it might lead to a new business deal.
This is why these kinds of requests are particularly successful on employees.
Avoiding Phishing Attempts at Work
Here are a few tactics to help you identify Phishing at work and avoid it altogether:
Check the Sender Information
Hover over the email address and read it properly. While there may be nothing wrong with the name of the sender, there might be something about the email address that looks suspicious. For example: “Jake Galea [email protected]”.
If you receive a LinkedIn message, make sure the sender's profile picture, name and job history make sense. Anything that seems off or is incomplete may be fraudulent.
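For mail or security teams, the sender check above and the link mismatch described under Scam Tech Support Messages can be automated. The script below is an added example, not part of the original article; the company domain `example.com`, the sample message and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: example.com stands in for the organisation's real domain(s).
COMPANY_DOMAINS = {"example.com"}

# Constructed sample message using reserved .test domains, not real traffic.
SAMPLE = """\
From: "IT Support" <helpdesk@it-helpdesk.test>
Reply-To: reset@another.test
Subject: Your account has been hacked
Content-Type: text/html

<p>Reset your password <a href="https://login.it-helpdesk.test/reset">here</a>.</p>
"""

class LinkCollector(HTMLParser):
    # Gathers the href of every <a> tag in an HTML body.
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_company_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in COMPANY_DOMAINS)

def review_message(raw):
    """Return a list of warnings for one raw, single-part HTML email."""
    msg = message_from_string(raw)
    warnings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if not is_company_host(sender_domain):
        warnings.append(f"sender domain '{sender_domain}' is not a company domain")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != sender_domain:
        warnings.append("Reply-To domain differs from the From domain")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlparse(href).hostname
        if not is_company_host(host):
            warnings.append(f"link goes to '{host}', not a company site")
    return warnings
```

A message that passes these checks is not proven genuine, since a colleague's real account may have been hacked; verification through another channel still applies.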
Look out for Poor Grammar and Weird Phrasing
Phishing messages often contain errors and grammatical mistakes. If someone uses the term ‘customer’ or ‘client’ instead of your personal name, be suspicious. They may even resort to asking for your phone number in a surprising manner. This is a scam!
Verify with the authority or the employee in question
Contact your employee or superior directly. If you cannot verify that the message or email came directly from them, then it is best to ignore the message. Urgent messages are usually fake and real emergencies would be handled differently.
Check for profile or email hacking
If you are not expecting an email or a message from a colleague, you can also query the email with them. Contact the sender either by phone or via another channel of communication. Choose a different method of communication to the one used in the suspicious correspondence. It might be that their email got hacked.