Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Lifestyle discover

We're exposed to potential threats via email every day - here's how to spot malicious messages

The most sinister of cyber-attacks are often simply delivered, writes Richard Lambe.

TECHNOLOGY IS EVERYWHERE, covering our use of wireless networks, smart devices, computers, how we shop, and much more.

We are always online, checking our mobile phones on average every 12 minutes, getting updates on social media, our work emails, and news from around the world.

As our dependence on technology grows so too does our reliance on cybersecurity.

Cybersecurity in its simplest form is the protection of IT systems and data from cyberthreats.

For a company it could be protection against the unauthorised access or sabotage of computer systems, hardware, software or data. For individuals, cybersecurity could mean protection against identity theft, device viruses or even possible financial loss.

The most sinister of cyber-attacks are often simply delivered through malicious emails, calls or even text messages.

Many of us are unaware of the risks involved and receive little training on the topic, apart from training programmes, run in proactive organisations, schools or colleges.

High-profile data breaches continue to make the headlines but closer to home, on our computers or on our smart devices, we are exposed to potential threats through our emails – where attackers can easily take advantage of us.

What is phishing?

As email is the top cyber-attack method, it is vital you can identify these threats and manage them accordingly. Phishing is when an attacker attempts to persuade someone to interact with an unsafe email.

They coerce an unsuspecting recipient to click on a malicious link or unwittingly part with valuable information. A phishing email can often have an attachment that contains malware which, once clicked, can infect your device.

Examples of malicious emails include impersonation of financial institutions, file hosting services, utility companies, entertainment websites, cryptocurrency exchanges and technology companies.

Attackers will also use current world events to tailor their emails – for instance, an email that enticing you to click on a link that offers you a free or cheap ticket to a large sporting event such as the World Cup or Ryder Cup.

Phishing is becoming more advanced through the practice of social engineering and the types of emails flooding our inboxes are becoming more sophisticated and difficult to spot.

Attackers are increasingly adjusting their techniques and methods of attack and identifying malicious emails is becoming more difficult.

For that reason alone, to avoid attack, it is imperative that you are aware of
the basic tell-tale signs.

Tips to help you spot a malicious email:

What’s in the subject line? Attackers typically try to invoke a sense of urgency in the subject field to trick the recipient into opening the email on impulse. If it doesn’t look right, don’t open it!

Who is it from? Attackers often impersonate a brand name or website that you may be familiar with. Look closely to spot irregularities like incorrect spelling of a name, wrong logo or fake imagery.

Are there spelling mistakes? If it doesn’t read right, don’t interact with it. Spelling and grammar are a telling sign that an email may be coming from an untrusted source.

Is there an attachment? Attackers will often include a malicious file as an attachment to a phishing email. Do NOT open it before you verify that the sender and the email content is legitimate, and from a reliable source.

Is there a link? Attackers may use URL hyperlinks in the body of an email enticing you to click. Typically, if you hover over the link with your mouse cursor, it will reveal the real destination.

Where did they get your information from? We are currently experiencing a peak in social engineering. This is where an attacker relies on human interaction to gain access to information or systems for their own gain, be it financial or other. It can be done by gaining information about you through social media platforms, by phone or from your online activity. This is normally carried out over a period of time to build up trust. Be vigilant online and don’t share personal information!

Knowledge is power and the more we know the better we can be equipped in protecting ourselves against cybercrime.

By adhering to the above tips, you will be more prepared on how to spot the
tell-tale signs, making you less likely to fall for a phishing email.

Richard Lambe is Senior Security Awareness Consultant at the Cybersecurity and Information Resilience centre of excellence at BSI.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Richard Lambe
View 12 comments
Close
12 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds