Phishing: what is it and how to avoid falling for it

Phishing not Fishing

The next article from our IT specialist Darren from Pivotal Data Solutions talks about how you can keep your data safe.

Recently a customer brought these two emails to my attention.

Can you spot the difference?

Which one is real?

The one on the left is real. The one on the right was sent from a hacked personal computer in Paris, France.

The customer who sent me this example received several other emails that looked almost identical. All were sent from different computers and via different paths.

In the IT world, this is known as phishing: criminals send an email that looks like it comes from a reputable source to trick you into handing over personal information such as credit card details or passwords, or into giving them control of your computer. It’s becoming increasingly sophisticated.

Recent scams include emails purportedly coming from Netflix, the Commonwealth Bank, Australia Post and the ATO.

How can you protect yourself?
  • Never provide your bank or credit card details or personal details in an email reply or on a website you opened from an email link.
  • Do not click on (follow) links in emails. Open your web browser and use your existing bookmarks or search using Google to go to the actual site (e.g. asic.gov.au).
  • Check that the email addresses you by name and contains no grammatical or spelling errors.

In this case, the email linked to a hacked OneDrive for Business account. It’s likely the OneDrive account was hacked because its owner used the same password for several accounts.

To avoid this possibility you should:

  • Not use the same password for different accounts. If it’s too hard to remember the many passwords you likely use, you could look at using a secure password keeper – Pivotal Data Solutions recommends LastPass, which is free for personal use.
  • Make sure your passwords are complex – containing a combination of letters, numbers and symbols – or use a “passphrase”.
  • Ensure your email domain is set up properly and use a business-class email service such as Office 365 or Google G-Suite – this will greatly reduce the risk of a successful phishing attack on your business.

We also recommend sharing this example with your staff members to help ensure your entire team is aware of the risks of phishing and how they can avoid it happening to them.
