PHISHING INFORMATION

PHISHING INFORMATION

WHAT IS PHISHING?

Phishing attacks are cybercrimes where a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data. 

This may include personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.

Phishing Attacks can come as texts, phone calls or email.

COMMON TYPES OF PHISHING ATTACKS

  • Appears to come from a well-known company like Netflix and asks you to sign in and correct an issue with your account
  • Links point to a website pretending to be a company’s legitimate site and asks for your login credentials
  • Contains a link to what appears to be a shared file on Google Docs, Dropbox or another file-sharing site
  • Link points to a page pretending to be a file-sharing site and requests you log in
  • Comes from a domain similar to the DocuSign domain
  • Link will prompt you to sign in to view the document, giving attackers control of your inbox
  • Contains a document presented as an unpaid invoice and claims service will be terminated if invoice is not paid
  • Targets individuals (by pretending to be a retailer) or businesses (by impersonating a vendor or supplier)
  • Appears to come from a government tax revenue agency (e.g. IRS or ATO)
  • Claims you are delinquent on your taxes are provides a means to to fix the issue before additional fines or legal actions are pursued
  • Appears to come from a popular delivery service or online retailer and includes a delivery notification with a malicious link or attachment

HOW TO SPOT A PHISHING ATTACK

Often with phishing attacks there are a few easy ways to spot them. 

  1. Look out for awkward or unusual formatting
  2. Beware of a sense of urgency or pressure to click a link or download an attachment
  3. Keep an eye out for misspelling or grammar mistakes
  4. Be cautious of unusual requests from someone you know
  5. Hover the mouse over or copy paste a link to check if a domain name is suspicious or unexpected (i.e. [email protected])

WHAT TO DO IF YOU THINK SOMETHING MAY BE PHISHING

If you are at all unsure do not click on any links or open any attachments. 

If you suspect an email is phishing, always report it. Built in to your outlook toolbar, there is an button labelled “phriendly phishing”. 

If you are unsure of whether an email is legitimate or not, clicking this button will allow the email to be vetted. 

For text scams, be sure to never click any links or open any attachments. 
You can report a scam message via the federal government’s ScamWatch website at scamwatch.gov.au

 

If you have any questions please contact OPEC Systems IT (Jeremiah Osagiede, jos[email protected]) or Mangano IT ([email protected])

REMEBER TO ALWAYS REPORT TO PHRIENDLY PHISHING