April Fool’s Day may be a day full of jokes and pranks, but cyber-attacks are still very much real. With the constant rise in cyber-attacks, we can’t stress enough the importance of efficient cyber security and staying safe online. This April Fool’s Day, we want to raise awareness around cyber-attacks and how to spot a malicious email or website, so that you can take care of yourself and your customers.
What is a cyber-attack?
First things first, let’s address what a cyber-attack is. A cyber-attack is any attempt to expose, destroy, steal or gain unauthorised access to secure information via a computer. The most common cyber-attacks include email-borne attacks and insecure websites. With April Fool’s Day bringing an influx of prank emails and web pages, it may be difficult to tell what is real and what isn’t. Below are a few top tips to tell if the websites you visit and the emails you open are as legit as they look:
Look out for the ‘S’ in HTTPS – Most URLs begin with ‘https’ instead of ‘http’ to indicate that the connection is encrypted. An ‘https’ URL means that security is provided by an SSL certificate, which protects sensitive information that is entered into the site. Without this certificate, cybercriminals can easily access information that you enter.
Look for company validation – If a company is real, it will have a physical address and phone number on their site, as well as any privacy statements and return policies. If you’re struggling to find any of this on the website, chances are it may be a spoof.
The lock icon – If you visit a legitimate website, you will notice a lock icon just to the left of the URL. This icon assures you that your information on this site, e.g. passwords and credit card information, is fully secure. If a site doesn’t have this, be wary about entering any details.
Check the email address – Scammers tend to use a sender name that looks like it is coming from the company or organisation that they are pretending to contact you from. However, a scam email will usually have an unusual email address behind what looks like a genuine sender name. To check the email address, hover your mouse over the sender name and an email address should appear. If this looks suspicious in any way, it probably is.
Look for spelling mistakes – Not all, but most scammers tend to have limited English, so their emails are likely to contain spelling mistakes or grammatical errors. Payment services such as banks or PayPal tend to be a big target for cyber criminals, with lots of replica emails being created. Before clicking anything or entering any credentials, always look for spelling errors.
Don’t click on links in emails – If you have any slight concern that an email may be a spoof, do not, we repeat, do not click on any links in the email. If you want to check if the URL is legit, type the company name into a search engine to find a legitimate website or landing page. From this, you will be able to compare the URLs to see if they are similar or completely different.
Ready to test your knowledge?
So, are you really ready to test yourself to see if you can spot real phishing emails? One of our vendors, Vade Secure, has put together this great interactive quiz to test your phishing IQ. (Notice, this site includes https and the lock icon!) Happy quizzing! Test yourself here: https://phishing-iq-test.com/ and tweet us your results!