Security Awareness Training

What is phishing?

Phishing is when attackers attempt to trick users into doing ‘the wrong thing’ by pretending to be someone trustworthy. Phishing can be conducted via text message, social media, by phone, and, most commonly, by email.

What do they want? It varies, but usually they want you to:
- Hand over a password
- Hand over personal information or financial details
- Pay money or make a transfer
- Click on a link that leads to a malicious website
- Open an attachment that may contain malware

Red flags

See the red flags in the image.

If you suspect phishing:
1. Don’t click on any links or open attachments. Visit the website directly in your browser and log in.
2. Don’t reply. If you know the sender, try to get hold of them via phone or SMS to verify.
3. If you’re unsure, please speak to your IT department.

[Image: examples of phishing red flags]

Tactics used in phishing

Scammers use emotional tactics to get us to bypass logic.

Our brains use two ways of thinking:
- the fast, intuitive, emotional
- the slow and deliberate

While the former is great for making thousands of quick decisions, it also leaves us open to unwise ones, based on mental shortcuts and truth bias (we assume people tell the truth; the opposite would be exhausting).

This leads to fast decisions like “Hey, it looks like it’s from my bank, I’ll click”.

When phishing works best

Another reason we fall for mass email phishing relates to external events and timing.

Did you just miss a call, or are you expecting an invoice from a new supplier? Then you’re much more likely to fall for a “missed call” scam or invoice fraud.

What looks like an obvious scam to your colleague might appear authentic to you, as it matches your expectations.

A question, dear friend: Which of the subject lines in the image do you think had the best click-through rates?

[Image: why phishing works]
[Image: successful phishing emails]

Examples of successful phishing subject lines

As you can see, an urgent fear of missing something and curiosity top the list of successful phishing subject lines, according to Kaspersky.

More red flags

Here are a couple more things to look out for. Please read carefully.

When in doubt, never click or reply. Always visit the website directly or contact the person who emailed you via phone or other means.

[Image: more phishing red flags]