Street robberies have made way for a new form of theft: spam and phishing. Criminals are finding more and more ways to rob you online. How do you recognise spam and phishing? How do you prevent it? And what can you do if you do fall victim?
What is spam or phishing?
Spam or phishing mails are fake e-mails that thieves send you in order to obtain your data for an online service. For example, a fake e-mail from your bank asks you to log in and give your bank details. If you do this, the thieves gain access to your computer or your data, so that they can steal your money or 'hijack' files, for example. This can also be done over the phone. These fake messages can look very real.
How do you recognise phishing mails?
There are three main ways in which you can recognise these emails:
- Spelling mistakes: if you receive an e-mail from your bank, you may assume that there are no spelling mistakes, since it is such a professional institution. Do you spot clear spelling mistakes? Has it been translated with Google Translate, for example, or just written sloppily? Then be extra alert.
- Sender: the sender address should always match the company the e-mail claims to come from. Sometimes you see very strange e-mail addresses with strange numbers, from an unknown company or from abroad. Then you already know that something is wrong. This can also be done more subtly; instead of email@example.com it is firstname.lastname@example.org or email@example.com.
- Preview page: Are you using an Apple computer? Then move your cursor over the link in the mail. You should then see a preview page. What does it look like? Does it look like the website should, or does it look unprofessional? From this you can already judge whether it is all right or not.
But sometimes a phishing mail is impossible to recognise, which is much more dangerous. What do you do then?
Preventing spam or phishing mail
You can now recognise the e-mails, but there are still a number of ways in which you can prevent them. Here are four ways.
- Turn on your spam filtering: the Office 365 spam filter already filters out most spam and phishing emails. Make sure that your filter is smart enough and tailored to your needs.
- Log into your services yourself: If you think the e-mail is genuine, do not click on the link straight away, but first log into the online service yourself. Then click on the link in the e-mail. You never have to log in twice, so if the link asks you to log in again, you know immediately that the e-mail is not genuine.
- Set a strong password: A strong password is generally essential for security, but it is also very important here. Make sure that every account within the company has a strong password.
- Use MFA (multi-factor authentication): multi-factor authentication means that you can't just log in with your username and password on a new device. A confirmation code is sent to you by e-mail or SMS, and you must enter it to log in. The chance that someone knows your telephone number and e-mail and has access to your telephone and e-mail and knows your password and user name is zero.
- Monitor access: Keep a close eye on who is logging in. If someone suddenly logs in from China while you are in the Netherlands, there is a good chance that this person should not have access. Of course, you want to be informed of this. Then you can spot strange patterns and act on them.
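As an added illustration of the "Monitor access" tip (example code added here, not part of the original article and not taken from Office 365 itself): the Python below reads a constructed sign-in export and flags sign-ins from countries you do not expect. It goes one step beyond the tip by also flagging a change of country within a short time. The log format, field names, addresses and the two-hour window are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample sign-in export (not real data): time, user, country, result
SAMPLE_LOG = """\
2024-03-04T08:55:00,anna@example.com,NL,success
2024-03-04T09:10:00,bob@example.com,NL,success
2024-03-04T09:40:00,anna@example.com,CN,failure
2024-03-04T09:42:00,anna@example.com,CN,success
2024-03-05T14:00:00,bob@example.com,BE,success
"""

def parse_signins(text):
    """Parse CSV lines into dicts with a real datetime, sorted by time."""
    rows = csv.DictReader(io.StringIO(text),
                          fieldnames=["time", "user", "country", "result"])
    events = [dict(r, time=datetime.fromisoformat(r["time"])) for r in rows]
    return sorted(events, key=lambda e: e["time"])

def find_suspicious(events, expected_countries, travel_window=timedelta(hours=2)):
    """Return (time, user, country, reason) tuples for sign-ins worth reviewing."""
    alerts = []
    last_success = {}  # user -> that user's previous successful sign-in
    for e in events:
        unexpected = e["country"] not in expected_countries
        if e["result"] != "success":
            # A failed attempt from an unexpected country: nobody got in yet.
            if unexpected:
                alerts.append((e["time"], e["user"], e["country"],
                               "failed-unexpected-country"))
            continue
        if unexpected:
            alerts.append((e["time"], e["user"], e["country"],
                           "success-unexpected-country"))
        prev = last_success.get(e["user"])
        # Same account, different country, too soon after the last sign-in.
        if (prev and prev["country"] != e["country"]
                and e["time"] - prev["time"] <= travel_window):
            alerts.append((e["time"], e["user"], e["country"],
                           "country-change-within-window"))
        last_success[e["user"]] = e
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(parse_signins(SAMPLE_LOG), {"NL", "BE"}):
        print(*alert)
```

A successful sign-in that triggers an alert deserves faster follow-up than a failed one, because in that case someone has already logged in.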
What if it goes wrong?
Despite good preparations, there is always a chance that things will go wrong. Then there are four things you can do.
- Inform your IT provider: Contact your IT manager or IT provider immediately so that you can limit the damage. They can often also check whether you have already suffered damage. Speed is of the essence. The IT provider can also help you find out more about the impact of the breach. In this way, they prevent unnecessary panic.
- Change password: Change your password immediately. Always use a strong (unique) password for all your services. Hard to remember? Use a service like LastPass to make your life easier.
- Set up MFA: As mentioned in the preparations, use multi-factor authentication. If you haven't done so yet, do it now to prevent further intrusions. You reduce the chance to zero if you use MFA.
- View logs: See exactly what happened and request a report from the IT manager or IT provider. This way you can see what went wrong and how this can be prevented next time.
Our customers can always contact us with questions about phishing, spam or security, or for a security scan or awareness training. Do you not trust something, or are you having problems with IT? Please call us on 010-2121806 or e-mail us at firstname.lastname@example.org.