
Could you spot a phishing attack?


Human error is the leading cause of data breaches. In response, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security. This includes tips on spotting a phishing attack.

At Hayes Connor, we’re sharing some of the tips included in this toolkit. In doing this we aim to raise awareness of the importance of this issue. We also want to help organisations across the UK improve their data protection processes.

Tip: Phishing email? Don’t get caught hook, line and sinker

What is a phishing attack?

Phishing scammers use emails, texts, websites, phone calls and social media to access your data, your computer, or your financial accounts. Typical phishing scams include:

  • Where fraudsters contact you posing as your bank
  • Where fraudsters contact you posing as a company (e.g. Microsoft) and encourage you to complete steps that let them gain access to your computer
  • Where scammers send out an email from a service you use (e.g. PayPal, Google Drive, Dropbox, etc.). This email instructs you to click on a link which leads to a fake page that collects your login details
  • Where you receive an email from a person or company you know and trust which includes your personal information and lures you into clicking on a malicious URL or email attachment
  • Where scammers pretend to be from someone in the same company as you in a bid to steal the private data of your customers.

Phishing is a serious crime, and victims can suffer both financial loss and distress.

Quick tips to avoid a phishing attack

Check out these tips on how to spot phishing attacks and prevent cybercriminals from stealing your information.

  • Beware of emails with poor spelling and grammar. This is one of the most common signs that an email isn’t legitimate. However, phishing scammers are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one
  • Roll over hypertext links (without clicking them) to see if the actual URL differs from the one displayed
  • Hover your mouse over the email address in the ‘from’ field to see if the website domain matches that of the organisation the email claims to be from
  • If you get an email warning you that your account has been closed or put on hold, go to the organisation’s website (via Google, not the email) and contact them to make sure the email is legitimate. Do this regardless of how authentic the message appears to be
  • If you receive an email informing you that you’ve won a prize (or the lottery) do not provide any personal information without checking that this is genuine. If you cannot remember entering the competition, it is probably a scam
  • Do not respond to emails asking you to make a charitable donation. If you’d like to donate to a charity, do so by visiting their website directly
  • If you receive an email that looks in any way suspicious, never click to download the attachment, as it could be malware
  • If you are in any doubt, DO NOT click on any links or open any attachments. Instead, you should go to the organisation’s website directly (not via the email) and contact them to make sure the email is legitimate.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.