Cyber Scotland Week - phishing - how to avoid getting caught out

As part of the Scottish Cyber Security week we in IT thought we would share with you a Cyber Security reminder each day of the week – just to remind you about the necessity of keeping not only the Council's data safe, but your personal data too.

So today, Monday 27 February, we start with ‘Phishing’ which is the most common form of cyber-attack in current use.

What is Phishing?

Phishing is when an attacker sends an unsolicited email that is formatted and phrased in a way to appear to be official or interesting and will often attempt to make the recipient choose to follow a link to a website or open an attachment. In some cases the link or attachment is intended to harvest information (e.g. log in information, personal or financial information), it may be intended to cause the recipient to alter customer bank details on a system so that payments go to the attacker instead of the customer, or it may result in malicious software (malware) being downloaded onto the recipient's computer which will go on to cause damage to the computer and connected systems.

Staff guidance tells you to delete any suspicious emails without opening any attachments or following any links even if it appears to come from a trusted source. Attackers often forge the sender address to make a phishing email appear authentic. If you think it may be an important email then phone the sender, or email them using a known trusted address to check whether it's genuine. If you're in doubt, contact IT for advice.

You are our first line of defence against phishing attacks so please be vigilant at all times.

The National Cyber Security Centre offers some excellent advice on spotting phishing emails:

Spotting a phishing email is becoming increasingly difficult, and many scams will even trick computer experts. However, there are some common signs to look out for:

Authority - Is the sender claiming to be from someone official (like your bank, doctor, a solicitor, government department)? Criminals often pretend to be important people or organisations to trick you into doing what they want.

• Urgency - Are you told you have a limited time to respond (like in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
• Emotion - Does the message make you panic, fearful, hopeful or curious?
• Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
• Scarcity - Is the message offering something in short supply (like concert tickets, money or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.
• Current events - Are you expecting to see a message like this?
• Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.

Finally, your bank (or any other official source) should never ask you to supply personal information from an email. If you have any doubts about a message, call them directly.