Being part of the connected online world, just like the real world, comes with its fair share of dangers. Viruses, scams, and ransomware, just to name a few. Perhaps one of the most prevalent dangers of the present day is that of phishing.
As the name suggests, phishing scams bait the target, hook them, and then reel them in. In this case, “them” is usually some form of personal data.
The personal data sought by phishing scammers may consist of a wide variety of useful information. But it's almost always information that can be used to commit finance-oriented crimes, or gain access to other systems that can be leveraged to commit crimes.
Identity theft and syphoning of funds from your bank accounts are well-known examples of such crimes. However, gaining access to your employer’s computer network is not so widely known.
Phishers may not always be in the market for your personal data – they may sheerly be looking at driving a wedge into a backdoor so that they can come back later and have a poke around. And that weird link that your colleague just clicked on in the strange email they’ve just received may have just opened the gab through which that wedge is driven.
So, what are key characteristics of phishing emails?
Primarily, phishing emails are from unsolicited sources – you didn’t ask for them, you don’t know or have no reason to have dealings with the organisation, and they’ve appeared unbidden into your email inbox.
They will dangle some sort of bait in front of you, in both the subject line and the body:
- Your xxxxxxxx account has been compromised and requires validation
- We were unable to deliver your package
- You may have won!
- Your computer may be at risk
They may indicate that they have come from a reputable organisation. Commonly:
- Common government organisations
They may include an attachment or require you to install some item, possibly by directing you to an internet link – JUST DON’T! Opening these from a suspicious email can result in the installation of malware designed to access your computer or network and allow for the gathering of information by the phishers.