What is: Phishing

I am starting off my series of “What is” with Phishing. Probably the easiest way for a hacker to gain control of your accounts.

A definition of the term Phishing: Phishing is a type of online fraud that involves tricking people into providing sensitive information, such as passwords or credit card numbers, by masquerading as a trustworthy source. Phishing can be done through email, social media or malicious websites.

So how does it work?

The most common way is via an e-mail. Imagine you work in an accounts department and somebody sends you an e-mail saying that an invoice is overdue and that the debt may be passed to debt collection. Please click here to view the Invoice.
So you are worried that you may have missed something and want to see what it is, you click the link and it takes you to a site that asks you for your Office 365 Login details.

It looks really genuine, so you put in your details, and click sign in. However, the details have just been stolen by the hackers, you will most likely get a message saying sorry the file no longer exists.

So you think no more about it. Then the hackers have access to your Office 365 account, they then send an e-mail from YOUR account, to your contacts, getting them to do exactly the same. But now the e-mail looks like it came from YOU, so people trust it.

This is why you MUST always confirm the authenticity of the e-mail, DO NOT EMAIL THEM, the hacker may still have control and answer you. Always phone the contact to see if the e-mail is genuine. DO NOT click on links sent to you in an e-mail unless you are expecting it.

You can take steps to prevent unauthorised access to your account, such as setting up 2 step authentication. That way, a hacker would need to know the password, and the one time only code that is sent to your mobile, or from an authenticator app. You would also be alerted if someone is attempting tl use your account.