
Phishing - Don't take the bait!

Simply put, “phishing” is a fraudulent attempt to acquire your confidential information such as usernames, passwords, bank, or credit card details. This is achieved by sending you a spoofed email and redirecting you to a fake website that has a similar look and feel to the legitimate site. As a general rule, legitimate organisations will not ask you for usernames or passwords. These emails tend to have a generic look about them, and are not generally targeted at you specifically.

 

In recent years, there has been a move towards "spear phishing". This is a targeted form of phishing in which fraudulent emails target specific individuals within organisations in an effort to gain access to confidential information. Its tactics include impersonation, enticement and techniques to bypass controls such as email filters and antivirus. The objective of spear phishing and phishing is ultimately the same: to trick a target into opening an attachment or clicking on a malicious embedded link.


 

Below is a video developed by the CPNI (Centre for the Protection of the National Infrastructure) explaining how a Spear Phishing attack may appear. 

There's also a one-page summary covering the points in the video: dont_take_the_bait.pdf