With more access to the Internet, we are also more exposed to online fraud than ever before. Luckily, there are steps you can take to better protect yourself online.
Today, we'll talk about phishing emails. Unlike the popular sport with the same pronunciation, phishing is a fraudulent attempt made to obtain sensitive information. Phishers could be looking to obtain your login information, credit card details, or other personal information.
Many people still expect something like the Nigerian Prince Scam when they think about phishing emails, but they can be much more complex and well thought out. Phishing emails can appear very legitimate and the "From" e-mail can even be spoofed to appear as any address.
Phishing your Account
So that email from Dropbox (or Apple, or Microsoft OneDrive, or Google, etc.) could be a fake agent. Phishing emails often prompt a user to log into their account or provide personal information.
For phishing scams that aim to gain access to your accounts, the user will be provided a link that takes them to (an although legitimate looking) fake web page where their log in information is logged by the phisher. This will often give the phisher ability to access your private files, emails, documents, and personal information.
Some emails will create a sense of urgency. This could be anything from saying your account is being locked, a security breach, or an immediate payment being required.
Just like the sport, spear phishing aims to attack one specific target with a personal, crafted email. Unlike regular phising emails where a larger group is all being targeted with the same email, spear phishing is just looking to compromise one individual.
The phisher may have gained your information from a company website, social media profile, or other public profiles. An email will be custom-tailored to the recipient to make it more personal. These emails generally appear from a trusted source, such as a friend or colleague. They may even ask for private information for the purposes of blackmail.
Unlike going after just another person, whaling is an attempt to go after the "big phish." These attacks are on high-level employees or powerful people to gain access to their personal information or accounts.
If high-level employees are compromised, it can trickle down throughout the entire organization. Most employees wouldn't second guess their boss even if their request seems odd.
Remember, you don't have to click any email links. If you want to check the security of your online account, go to the platform directly, not through the provided link. If an email from a colleague or friend looks off - give them a call to verify. Sometimes, it's better to annoy your boss than risk your company's security (trust me, I annoy my bosses often).
When it comes to online security it's okay to be skeptical. CityWest is not responsible for your online activity and safety. We will do our best to aid our customers in staying safe online, but each user is responsible for what they do. For more information on protecting yourself online check out our support section here.