Cyber Security Awareness Month, week two: Fight the phish!

By André Keartland, Solutions architect, Netsurit

Johannesburg, 18 Oct 2021

In the next series of our blogs during Cybersecurity Awareness Month, we will focus on phishing.

What is phishing? It is when a cyber criminal sends a fake e-mail that looks like it came from another source (for example, a bank, a friend, a colleague) and contains a link for you to click; the link invariably goes to a website where nasty things will happen.

Here is an example: You receive an e-mail that looks like it came from your bank. The subject line says it contains important information and requires your immediate attention. However, once the e-mail is opened, the link provided does not point to your bank and is intended for malicious purposes. Did you know that you can hover over a link, without clicking on it, to see where it is pointing? If you do click on the link in such an e-mail, you will be redirected to a site that looks and feels exactly like your bank's. However, if you look at the address bar, you will clearly see that the site is actually named something like 'chris.yaaka.education'.

Should you continue and fill in the information they request and start the process to get your "relief funds" or whatever it is they promised, it will inevitably, at some point, ask you to type in the logon credentials to your internet banking. You have just handed your banking details to a cyber criminal, and before you know it, the funds in your account will disappear. If you give banking details of a bank account where there are little or no funds available, you are still at high risk, as cyber criminals may use this account to borrow money, and you will be left with the debt. Once they have your details, the account in your name may be used as part of a scheme to defraud someone else.

As IT professionals, we pride ourselves on being more street smart. So you might be reading this and thinking that you will never fall into this trap. Unfortunately, the same applies when you receive an e-mail from what seems to be your CEO, asking for logon credentials or to click on a link to download important files. In your haste to be an efficient employee, you may run the risk of handing over the crown jewels to a cyber criminal.

How to identify phishing e-mails

First of all, should anyone offer you money, or any incredible deal in an e-mail, you can almost be certain that it is fake. Fairytales don't come true, alas.

Secondly, if you receive an e-mail from your bank with a link to click, don’t do it! Certainly, the banks in South Africa never include clickable links in their e-mails, because they are prone to abuse. Instead, the e-mail from the legitimate bank may tell you to visit your nearest branch or log on to your internet banking, from where you will be able to access or rectify something. Rest assured that your bank will not include a link in an e-mail.

Last and certainly not least – when you receive e-mails that look suspicious at work, rather investigate first and report the incident.

Cyber criminals are ruthless in their efforts to obtain valuable and sensitive information. Be wary and do not become a victim.
