An extremely sophisticated Netflix phishing attack is reportedly doing the rounds this week, using fake Netflix branding to fool customers into updating their payment details. Recent research from Sophos, which surveyed 1000 office workers, found that almost one in five (18%) have fallen victim to a phishing attack in the past. 70% of respondents claimed to be confident they could spot a phishing attack, with 21% admitting they weren’t confident they could spot one.
John Shier, Senior Security Advisor at Sophos, has pulled together some of his top tips to help customers avoid being the next victim of an attack such as this.
1. If you’re contemplating clicking the link in an email, take a look at the URL first
Before you click, hover over the link if you’re on a computer, or hold down the link on your phone, and you should see the full URL appear. Once you can see it, look at the source and ask yourself: does this look legitimate? Bear in mind that just because the URL has a padlock icon next to it or starts with ‘https’ doesn’t mean it’s safe; both only show that the connection is encrypted, not that the site is genuine. As a rule of thumb, if you aren’t sure if it’s genuine, just delete it straight away.
2. Be on the lookout for Typosquatting
This is where cybercriminals take a popular online brand and change a letter or two in its name to trick you into clicking and sharing personal information. Always check the spelling and be on the lookout for smart typosquatting like the famous ‘Tvvitter’ attack, where two v’s stand in for the w.
3. Feel free to browse the internet on your phone but be cautious of the wireless network you’re connected to when you’re online shopping
Only ever enter your credit card information when you’re on a secure network that you trust. And remember the best way to keep your money safe is to use PayPal or your credit card. Where possible, avoid using debit cards to purchase gifts online.
4. Be sensible about password security and incorporate length and complexity
Make account passwords different and difficult to guess. Include upper and lower-case letters, numbers and symbols to make passwords harder to crack.
Too late? If you think you’ve fallen victim to a phishing attack, always change your password immediately. It’s also worth contacting your bank immediately to see if there has been any fraudulent activity.
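The checks in tips 1 and 2 can also be run mechanically, for example by a mail filter or a browser extension. The Python sketch below is an added example, not part of the Sophos advice: the brand list, the lookalike table and the sample URLs in the usage note are assumptions constructed for illustration, and taking the last two host labels as the site is a simplification of a proper Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Assumption: sites the reader actually uses (hypothetical allow-list).
KNOWN = {"netflix.com", "twitter.com", "paypal.com"}
# Character swaps that read alike at a glance, e.g. 'Tvvitter' (vv -> w).
LOOKALIKES = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))

def edit_distance(a, b):
    """Levenshtein distance: inserted, deleted or substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def site(url):
    """Last two labels of the host name (simplified registered domain)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def skeleton(name):
    """Collapse lookalike character sequences to the letter they imitate."""
    for fake, real in LOOKALIKES:
        name = name.replace(fake, real)
    return name

def check(url):
    """Return (verdict, brand); verdict is 'known', 'lookalike' or 'unknown'."""
    domain = site(url)
    if domain in KNOWN:
        return ("known", domain)
    for brand in sorted(KNOWN):
        # "One letter or two" changed: same skeleton, or edit distance <= 2.
        if skeleton(domain) == skeleton(brand) or edit_distance(domain, brand) <= 2:
            return ("lookalike", brand)
    return ("unknown", None)
```

All of the sample URLs start with ‘https’, so the scheme plays no part in the verdict. `check("https://tvvitter.com/")` is flagged as a lookalike of twitter.com, while `check("https://netflix.com.billing-update.example/login")` comes back unknown because the real site is billing-update.example, however prominent the brand name is at the start of the address.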
Overview of Sophos phishing stats research
Research commissioned by Morar research, which surveyed 1000 office workers in 2017
– 70% are confident they could spot a phishing attack
– 21% are not confident they could spot a phishing attack
– 71% have not been phished
– 18% have been phished
Phishing is the second most common threat people are aware of. The breakdown is:
– 80% are aware of spyware
– 74% are aware of phishing
– 63% are aware of ransomware
– 49% are aware of credential stealing malware
– 39% are aware of Remote Access Trojans
– 24% are aware of BotNets
– 11% are aware of APT