Phishing (email) and smishing (txt) attempts have continued to be a huge risk for businesses this year. This form of online attack relies on tricking the recipient into clicking a link and handing over sensitive information. Phishing is also a common method used to infect devices and networks with malicious software by hiding it within what looks like a legitimate file.

Both phishing and smishing attempts vary in sophistication, so knowing the tell-tale signs is a great way to be one step ahead of cybercriminals. Here is a real-life example of a phishing email sent to Linten Technologies via our website contact form and a smishing txt sent to a personal device of mine.

Phishing1. The email used for this attempt is not a company one. This is not necessarily a sign of a phishing email, but in this context it raises suspicion.  

Before clicking a link or downloading a file, always check the email address. It may be the case that it looks real at first glance, but on closer inspection you may see characters that have been altered. Phishing attempts can also be sent from compromised accounts. If you receive an email from a colleague, customer or supplier with this type of request, contact the sender via a different platform to check it is real.   
2. The scammer in this attempt is using a scare tactic hoping it stimulates an urgent response. Question the motive of any email that uses this approach.    
3. This email encourages a file to be downloaded, which likely contains malicious software. Never download a file unless you have confirmation from the sender they have sent it via a different platform such as txt message.  
4. The scammer ends with a threat and a deadline to reinforce a sense of fear and urgency. 

Smishing

1. This txt message is not as sophisticated as some smishing attempts, but it does create a sense of urgency to act quickly. This is a common tactic in smishing like it is in phishing attempts. 
2. The URL does not mimic an established company and so is very much a tell-tale sign in this attempt. Be vigilant of URLs that look like common banks, utility companies, mobile networks etc. There may be only one or two characters that have been changed. If you are unsure, contact the company via phone to verify the request. 
Share these examples with colleagues to build cyber awareness within your organisation. Building your business cyber defences doesn’t have to be complicated, speak to our friendly IT Specialists who are available to discuss a range of solutions to help you and your workforce stay safe online.