Phishing and malware
Recognising some of the most common techniques attackers use will reduce your risk of being deceived by phishing and malware.
Phishing
Phishing is the most common method attackers use to gain access to passwords or bank account and payment card details.
The attacker sends out a mass mailing to many recipients in the hope that some will bite. The e-mail may appear to come from a bank or other well-known organisation.
- Often, it appears to be an innocent e-mail, text message or phone call.
- Someone tries to get you to click on a link or divulge sensitive information, such as passwords or account details, to accept an offer.
- They play on your emotions and try to get you to act first and think later, effectively lowering your guard.
- Be suspicious of attractive limited-time promotions or major news.
Spreading malware via e-mail
Opening files attached to e-mails can cause you to download code and software that damages your computer. Such malware allows the attacker to take control of your computer, log your keystrokes, or access sensitive information such as your payment card details, passwords, or other personal information.
- Ransomware is a type of malware: malicious code that encrypts your information and locks you out of your device or application.
- Make sure you have made backups and can restore them to regain access to your information.
Only click on familiar links
Remember to be careful!
- Avoid clicking on links in messages; look up the link via trusted sources instead.
- If you are unsure, contact the sender before downloading attachments or programmes.
- Make sure you have installed antivirus software.
- Get into the habit of logging out of websites when you are finished.
If you are unsure whether a file you are asked to download from the Internet may contain viruses or other malware, you should refrain from downloading it. If you have already downloaded such a file, avoid opening it and use antivirus software to scan the file.
If you accidentally click on a link or open an attachment
If you click on a link sent by a fraudster, they can obtain your passwords and use your online identity. They can also get hold of your payment card details and empty your account. Your Internet connection may stop working, and your computer may be infected with a virus or even break down.
- If you suspect you may have received malware, report it immediately to your IT department.
- Change your login details if you suspect they have been compromised.
- Contact your bank or credit card company and cancel your card if you have divulged your bank details.
- Contact nomoreransom.org and file a police report if you have been affected.
- As a rule, never pay ransom demands.
- Reinstall your computer and restore your latest backup.
Checklist: protect yourself against phishing and malware
- Review the e-mail carefully before opening an attachment or clicking on a link. Did you anticipate the message? Is this how the sender usually expresses themselves?
- Be vigilant and don’t click if the message asks you to give your payment card or bank account details or password, if you’re prompted to download attachments or software, or if you’re urged to act quickly.
- If you are suspicious, you should verify the sender through channels other than those indicated in the e-mail, or refrain from opening/clicking. If you are using a company computer, contact your IT department.
As a business owner, how should you approach digital security?
- Create routines for the secure handling of e-mail.
- Set aside time to establish security routines. Encourage employees to report issues or incidents when something goes wrong – or almost goes wrong.
- Install good antivirus software. Perform a scan if you become suspicious.
- Install new security updates immediately.
- Do not use outdated IT hardware. It must be possible to update the software.
- Back up frequently and store/manage/protect backups in such a way that they cannot be destroyed.