Infosec Cloud
Solutions. Services. Training.

Recognise phishing emails, links, or phone calls

Phishing emails, websites, and phone calls are designed to steal money and data. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

What does a phishing email message look like?

Here is an example of what a phishing scam in an email message might look like.

phishing_email_example-image

  • Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organisations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.
  • Beware of links in email. If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address. Links might also lead you to .exe files. These kinds of file are known to spread malicious software.

Malicious link image

  • Threats. Have you ever received a threat that your account would be closed if you didn’t respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised.
  • Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.

Beware of phishing phone calls

Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license.

Once they’ve gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable.

Treat all unsolicited phone calls with skepticism. Do not provide any personal information.

Report phishing scams

If you receive a fake phone call, take down the caller’s information and report it to your local authorities.

You can use Microsoft tools to report a suspected scam on the web or in email.

  • Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
  • Outlook.com (formerly Hotmail). If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Outlook inbox. Click the arrow next to Junk and then point to Phishing scam.
  • Microsoft Office Outlook 2010 and 2013. Right-click the suspicious message, point to Junk, and then click Report Junk.

You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

Source: http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

Find out how train your IT End Users to be Cyber Security Vigilant – and protect themselves and your organisation >>

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks

    Phishing emails and bogus contact: HMRC examples

    If you think you have received a HM Revenue and Customs (HMRC) related phishing / bogus email or text message, you can check it against the examples shown in a free HMRC Guide.

    Download the HMRC Guide Here >>

    It will assist HMRC investigations if you report all ‘HMRC related’ phishing emails and bogus text messages to HMRC. Even if you receive the same / similar phishing email or text message on multiple occasions, please forward it to [email protected] and then delete it.

    Do not open any attachments or click on any links within the email or text message, as they may contain malicious software or direct you to a bogus website.

    End User Security Awareness Training – at less than £1/user/month

    Now is the time to invest in Security Awareness Training, so that your end users understand the mechanisms of:

    • ✓ Spam
    • ✓ Spear Phishing
    • ✓ Pop ups
    • ✓ Malware
    • ✓ Social engineering
    • ✓ Phishing
    • ✓ Website Security
    • ✓ Adverts
    • ✓ Ransomware
    • ✓ Physical security

    The consequences of failing to do so go well beyond bad headlines. One significant data breach can lead to lost jobs, substantial legal costs, non-compliance penalties, loss of brand reputation, customer loss, and a catastrophic hit on the bottom line. You only need to read the latest news to see why it is imperative that you take action today to protect your company and your employees.

    Every company needs to invest immediately in results-driven security awareness training for all employees – from the CEO down…

    Infosec Cloud provides fully managed Security Awareness Training reinforced by frequent simulated, randomised cyberattacks to help organisations create cultural change and build a human firewall.

    Click here to request your free Quote >>

    Defending Law Firms from Cyber-attack Conference 10 May: Manchester

    With the 2015 Information Security Breaches Survey estimating that 90% of corporations having experienced a cyber security breach in the last year, cybercrime is a national scale problem that requires immediate action.

    Cybercrime costs the UK around £27 billion every year and although some government action has been taken to stem this financial haemorrhage, it remains a growing threat.

    Law firms are particularly vulnerable to this criminal activity, as they often deal with the kind of sensitive information targeted by fraudsters.

    For this reason, businesses must take measures to protect themselves, safeguarding their digital infrastructure with appropriate software and staff training.

    Attend the Defending Law Firms from Cyber-attack Conference, where high level speakers from government, Law and cyber security will be presenting their views on how to defend law firms from cyber-attack. Topics covered shall include the threat cybercrime poses to law firms, why law firms are particularly at risk and how law firms can protect themselves from attack.

    Click Here for tickets >>

    In the meantime – find out why more and more law firms are choosing the Infosec Cloud fully managed End User Security Awareness Training service.

    Our guaranteed, web-based interactive security awareness training combined with frequent simulated phishing attacks, live demonstration videos and short tests makes sure employees understand the mechanisms of spam, phishing, spear phishing, website security, pop ups, adverts, malware, ransomware, social engineering and physical security.

    This is a full managed service which requires virtually nothing from you or your team – all you have to do once you have placed the order is provide us a list of your users email addresses.

    We create all the content, simulated attacks and track the results – all of which are reported on back to you. And all for less than £1/user/month.

    Request your no obligation quote here >>

    Security Awareness Training Guarantee Announced

    Infosec Cloud has launched a unique 60 day money back guarantee for new Security Awareness Training and Testing customers. The company is 100% confident that their service significantly reduces the risk of organisations becoming victims of phishing attacks.

    The guarantee states:

    “If we do not reduce your employees’ susceptibility to phishing attacks within 60 days then we will refund 100% of your investment.”

    The Security Awareness Training and Testing service starts with a company-wide baseline Phishing Security Test which measures the percentage of end users that are Phish-prone. The next step is to provide all employees with Security Awareness Training. This is delivered at the desktop and can be started and paused as required by the user. Infosec Cloud tracks who has completed the training.

    After the initial company-wide training, Infosec Cloud’s highly effective monthly Phishing Security Tests keep employees on their toes. Employees who fall for the attacks receive instant remedial online training.

    End Users understand the mechanisms of:

    • ✓ Spam
    • ✓ Spear Phishing
    • ✓ Pop ups
    • ✓ Malware
    • ✓ Social engineering
    • ✓ Phishing
    • ✓ Website Security
    • ✓ Adverts
    • ✓ Ransomware
    • ✓ Physical security

     

    Pete Sherwood, MD, Infosec Cloud commented: “We decided to launch this unique guarantee after reviewing the results from our existing customers’ accounts. We are consistently achieving significant reductions in the level of our customers’ end users’ phish-prone levels. Our service certainly seems to be working.”

    The company’s web-based interactive security awareness training is combined with frequent simulated phishing attacks, live demonstration videos and short tests. The service is proven to ensure employees remain vigilant and informed.

    Read more on Security Awareness Training >>