
QUICK GUIDE: Phishing

Phishing is a simple yet effective form of cyberattack. Hackers try to dupe victims into taking actions that benefit the attacker. What can we do to protect ourselves from phishing attacks?

Why do they do this? The answers range from because they can to because they can make a lot of money from it. A typical phishing attack involves a cybercriminal sending emails en masse. The aim of these menacing emails is to steal sensitive information or convince victims to install malicious software.

The emails are designed to appear as though they come from trustworthy sources, which gives the attack more of a chance of working. Cybercrime has become profitable, and criminals make money in a number of ways and from a number of places.

Individuals can be targeted in several ways, including:

  • Stealing your information
  • Using your computer to mine bitcoins
  • Using your computer to attack companies’ websites so that they can’t operate and serve their customers. Typical targets here are banks.

How do you spot a phishing attack?

There are a number of ways to check if an email is suspicious. Follow our guide to avoid falling victim to a phishing attack.

Personalization

A genuine company will normally personalize a customer email. Look out for salutations such as ‘Dear Customer’, ‘Valued Customer’ or ‘To (your email address)’. If you receive an email that begins with one of these examples, chances are it’s a phishing email.

Company information

Double-check the contact information in the signature. A lack of contact details could be a warning sign of a scam.

Phishing attacks will use official company logos, so it can be hard to tell if the email is legitimate. If you have recently received an email from the company, compare the two to see if they have the same branding. If you are unsure, get in touch with the company to find out if they have recently sent out customer communications, but don’t use the contact details in the phishing email!

Call to action

Does the email contain messages with a sense of urgency?

  • Act now before your account is suspended
  • Don’t miss out on this great opportunity
  • There has been an unauthorised login attempt on your account

If it does, think twice before following its instructions. You may well be falling into a phishing trap.

If the email asks you to send over personal details, chances are it’s fraudulent. Keep your personal information safe and don’t give out any of your details. Companies will not normally request this information via email.

Phishing emails aren’t known for exceptional spelling, so look out for spelling and grammar mistakes. Take a look at one of the examples above.

Attachments

Phishing emails could be sent with attachments. If you were not expecting an email with an attachment, don’t open it!

Attachments can contain malware that can damage files on your computer, steal passwords, and even spy on you by using your webcam and recording everything you type.

Links

Don’t click on suspicious links. Roll your mouse over the link and ensure that it reveals the same link as the text. If you want to test the link, open a new window and type in the URL. Links may lead you to .exe files that are known to spread malicious software.

What should you do if you're a victim of phishing?

There are a few things you can do to reduce the risk.

  • Update your passwords on all of your online accounts
  • As soon as you can, contact the company or bank directly
  • Close your accounts if you know they have been opened
  • Regularly review your bank and credit card statements, check for any unusual charges and inquiries and report them

Don’t get caught out by phishing. Find out how Informer can help prevent an attack on your business.

