Stop Phishing

Phished - the feeling of total despair when you realise that you have just clicked on an innocent-looking email and infected your laptop with malware, a virus or a trojan.

With around 3.4Bn phishing emails being sent every day, it’s almost guaranteed that you will have some sitting somewhere in your inbox. The troubling thing is that phishing emails are getting more difficult to spot.

Hackers and organised crime groups (OCGs) exploit any trend or crisis to improve the chances of you giving away your personal data or revealing the unique three-random-word password you use to protect your bank account.

We’ve all seen a new low for these groups as they pump out billions of emails offering a link to a cure for COVID-19 or claiming to be from a government agency offering a generous refund. Here’s an example of one that is in circulation today:

Title: COVID-19 COMPENSATION FUND
Text: You are at this time urged to contact the Covid19 response fund department with the reference number (COV/RES/FND.AE0E32) for immediate claims.

Warning you at this time urged to keep this secret to avoid double claim as any double claim of same reference number will be disqualified.

For claims kindly contact ...

The challenge is what do you do when you discover a dodgy email?

Adventurous people might mark the email as junk, and the local mail system pretends to deal with the dodgy email. However, a lot of people just delete the email and move on.

It’s a pity, as by ‘just deleting’ you are not helping others, and the hackers can continue to lure more victims.

Now there is a very easy alternative… forward the email to:

report@phishing.gov.uk

You will then get an automated response thanking you for sending the dodgy message.

This is a brand new and free service from the Suspicious Email Reporting System (SERS). When SERS receives the email, it will automatically analyse the headers, contents and links to determine if it’s a bit dodgy. The NCSC will then attempt to take down or stop these emails!

It could not be simpler.

The other important point is that the service will only work if lots of people start using it, as that allows the system to map out the phishing campaigns that are running every day.

SERS is one part of the new Cyber Aware campaign - a useful source of helpful security tips.

How to forward emails

For IT Administrators

  • Ensure you’ve protected your email domains with SPF, DKIM and DMARC. This will reduce the chances of your company email address being used by phishing campaigns.
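
One way to sanity-check the records once they are published. This is an added example, not code from this post or from ASOS. It inspects TXT record strings you have already fetched (no DNS lookups); the function names and the example.com / example.net records are assumptions made for illustration.

```python
# Added example. Every DNS record string below is a constructed sample.
def parse_tags(record):  # 'tag=value; tag=value' (DMARC/DKIM syntax) -> dict
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["SPF: expected exactly one record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy is defined by the redirect target
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        return ["SPF: no 'all' term, unlisted senders get a neutral result"]
    if all_term[0] in "+a?":  # 'all' with no qualifier means '+all'
        return ["SPF: '%s' does not fail unlisted senders" % all_term]
    return []  # '-all' (fail) or '~all' (softfail)

def audit_dmarc(txt_records):
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["DMARC: expected exactly one record, found %d" % len(dmarc)]
    policy = parse_tags(dmarc[0]).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["DMARC: missing or invalid p= tag"]
    if policy == "none":
        return ["DMARC: p=none only monitors, spoofed mail is still delivered"]
    return []

def audit_dkim(selectors):
    if not selectors:  # maps selector name -> TXT at <selector>._domainkey
        return ["DKIM: no selector records supplied"]
    return ["DKIM: selector '%s' has an empty p= (revoked key)" % s
            for s, rec in selectors.items() if not parse_tags(rec).get("p")]

def audit(zone):
    return audit_spf(zone["spf"]) + audit_dmarc(zone["dmarc"]) + audit_dkim(zone["dkim"])

WEAK = {"spf": ["v=spf1 include:_spf.example.net ?all"],
        "dmarc": ["v=DMARC1; p=none"], "dkim": {}}
STRONG = {"spf": ["v=spf1 include:_spf.example.net -all"],
          "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
          "dkim": {"s1": "v=DKIM1; k=rsa; p=<base64-public-key>"}}
```

`audit(WEAK)` returns one finding each for SPF, DMARC and DKIM, while `audit(STRONG)` returns an empty list.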

Cyber Security is a collective responsibility

I’m George Mudie, the Chief Information Security Officer @ ASOS. Outside of the office I enjoy box sets of Nordic noir crime thrillers, Mexican cuisine and the works of Iain M. Banks.

Photo by Isaiah Rustad on Unsplash