Phishing vs Spamming: know your cybercrime
While some phishing scams may be easier to spot, many scams are incredibly sophisticated – and you would be amazed at the patience that some scammers have in learning your behaviours and passwords, reviewing your regular payments, cloning social profiles, developing ‘worms’ and so much more.
In this blog we help you identify the difference between phishing and spam, and some similarities, to help you avoid falling hook, line and sinker for a phishing scam.
Phishing or spamming – what’s the difference?
What is spam?
Spam is the sending of bulk, unsolicited ‘junk’ emails for advertising purposes. In the 90s it was pretty tricky to get hold of an email address, so when someone did, and sent that email address ‘spam’, it was quickly identified and blocked.
As time rolled on, with more email addresses breached and spammers getting cannier, spamming became sinister, with inboxes targeted with offers to purchase drugs, counterfeit goods, and advance fee scams. In short, you are encouraged to hand over payment for something that doesn’t, or shouldn’t, exist and which you never signed up for.
And here’s the news: your Spam folder is not going to catch it all.
Worse still, spam can be used to distribute malware at scale, and these emails could have subject headings such as ‘Your receipt for £500’ and so on, encouraging you to check.
Here’s the catch: phishing can also be a form of spam!
What is phishing?
Phishing is a classic impersonation tool to obtain information from the intended victim. You could receive an email from eBay, TSB, Vodafone… but that email is fake. If you look a little more closely, you’ll spot the URL (the www) doesn’t look quite as it should. Although the email shows the correct logo and font type, there is something about the wording, or a rogue typo that also seems a little off.
Perhaps it’s asking you to complete a payment you never started, with a link to log in to a shopping website. Or it could be asking you to pay for unpaid postage fees, with a link to ‘Royal Mail’. Of course these sites aren’t real. They are fake, and the minute you enter your details into them, the scammers have what they came for.
Phishing can affect you at home, or at work.
Some scammers also prefer a more direct (‘non-spam’) route and will use social media platforms to find out where you work and target you.
One example is where an email is received by payroll (or whoever manages wages) stating that the ‘employee’ is on holiday and so is emailing from their home address, and asking to change the bank account for a salary payment as they forgot to do it before they left.
While the email contains the name of an employee, the employee’s name (and email address) could also have been found on LinkedIn, and the fact they are on holiday could have been found on Instagram. And it’s easy enough to add ‘payroll@’ to the same email domain. Of course, the email isn’t from the employee, and that employee’s wages are paid into a scammer’s account.
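The warning signs in the payroll scenario above can be checked automatically before anyone acts on the request. The following Python is an added example, not part of the original blog; the company domain, staff directory and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: company domain and staff directory are constructed.
COMPANY_DOMAIN = "example.co.uk"
EMPLOYEES = {"jane smith": "jane.smith@example.co.uk"}
BANK_CHANGE_TERMS = ("bank account", "bank details", "sort code", "account number")

def review_payroll_request(raw_email):
    """Return the reasons a message to payroll should be verified by phone."""
    msg = message_from_string(raw_email)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()

    reasons = []
    # The name is public (LinkedIn), so compare it with the address on file.
    on_file = EMPLOYEES.get(display_name.strip().lower())
    if on_file and address.lower() != on_file:
        reasons.append("employee name used with an address not on file")
    if sender_domain != COMPANY_DOMAIN:
        reasons.append("sent from outside the company domain")
    if any(term in text for term in BANK_CHANGE_TERMS):
        reasons.append("asks to change salary bank details")
    return reasons

def needs_callback(raw_email):
    """True when a bank-detail change arrives with an identity warning sign."""
    reasons = review_payroll_request(raw_email)
    return "asks to change salary bank details" in reasons and len(reasons) > 1

# Constructed sample messages (not real emails).
SCAM = (
    "From: Jane Smith <jane.smith.home@mail.example.net>\n"
    "To: payroll@example.co.uk\n"
    "Subject: Salary payment\n"
    "\n"
    "I'm on holiday so emailing from my home address. Please pay my salary "
    "into my new bank account as I forgot to change it before I left.\n"
)
ROUTINE = (
    "From: Jane Smith <jane.smith@example.co.uk>\n"
    "To: payroll@example.co.uk\n"
    "Subject: Holiday dates\n"
    "\n"
    "I am away next week.\n"
)

if __name__ == "__main__":
    for reason in review_payroll_request(SCAM):
        print("verify:", reason)
```

A request sent from a hijacked work mailbox would pass the address checks, so any change of bank details is still worth confirming by phone on a number already on file.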
How do cyber criminals find your details?
Data breaches
While Facebook and LinkedIn have both featured in the news for astronomical data breaches, releasing data (that is, your personal information, from name and email address to even passwords) to hackers, the truth is that it’s not ‘just’ social media companies that fall foul of a data breach.
In May 2020 a cyber-attack on EasyJet saw 9 million customers having their email address and travel itinerary stolen, while more than 2,000 had their credit card details stolen as well.
In October 2020, British Airways was hit with a £20 million fine (reduced from the original intent of £183m due to mitigating factors and the effect of the pandemic on the industry) due to a 2018 data security issue which released details of more than 400,000 customers to scammers, including credit card details.
The list of businesses that are affected is endless – and growing. Look at some of these additional examples via haveibeenpwned.com.
There are a number of different ways your email address may have been leaked to scammers – you may have signed up to something via an email, or purchased something from an Instagram feed. Where there is a will, there is a way to obtain your data.
Home learning
Another issue arising out of the pandemic is the lack of cyber security awareness offered to pupils who had to learn from home during the lockdown. Many children now have an email address which, if it’s obtained by hackers or purchased on the dark web following a data breach, sets them up as a spam and phishing risk from the get-go.
One of the most important lessons a child should learn is cyber safety, from looking for the ‘s’ in ‘https’, ensuring the security padlock is next to the URL, password management, to not giving out email addresses or personal details while researching a topic for school.
As always, a strong password and a good antivirus are key. If your child has access to their own email address, learning about spam and phishing, and not opening unexpected files, is important. If you share a device with your child, the risk of hackers accessing your files in addition to your child’s could be catastrophic.
Protect yourself from cybercrime
Password security is a must. Read our blog on the ideal length here.
If you don’t recognise the source of the email, delete it.
Never download an attachment from a sender you don’t know. It could be ransomware, which will lock your computer until you make a payment to the hacker.
Never click a link in an email. For example, if you receive an email that appears to be from PayPal, or Amazon (scammers do this frequently), asking you to complete a transaction or similar, close the email and go directly to the website. Never log in using the link as you could be providing a hacker with your login details.
Always install an antivirus!
If you have children or grandchildren, keep a checklist of ‘do’s and don’ts’ next to their computer, and encourage them to ask for help if they are unsure.
Follow our series of cyber awareness blogs to keep your online details secure!