Monthly Archives: February 2024

How not to fall Hook, Line and Sinker for Email Phishing attacks

Email phishing is when attackers send scam emails (or text messages) that contain links to malicious websites. Some of these links are obviously dangerous: the email may claim to lead to PayPal, for example, but it is clear that the URL is not directing the user to the real website. In other cases the scammer may try using something called a Homograph Attack. These attacks take advantage of the similarities between the appearance of letters in different fonts, or, for example, use a 0 (zero) instead of an O (capital O), to trick the user into believing they have accessed the real site. The websites may contain malware (such as ransomware), which can sabotage systems and organisations, or they might be designed to trick users into revealing sensitive information (such as passwords) or transferring money.
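The look-alike check described above can also be automated, for instance in a mail filter or a link-checking script. The following is an added example, not code from Lincoln IT: the trusted-domain list, the look-alike table and the function names are constructed assumptions, and the table is deliberately small rather than exhaustive.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: domains the organisation really uses (constructed sample list).
TRUSTED = ("paypal.com", "lincoln-portal.example")

# Constructed, non-exhaustive look-alike table: digits that pass for letters,
# and Cyrillic/Greek letters that render like Latin ones.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a",
})


def fold(host):
    """Reduce a hostname to the form a hurried reader would 'see'."""
    try:
        # Turn punycode (xn--...) labels back into the characters displayed.
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: fold it as-is
    host = unicodedata.normalize("NFKC", host).lower()
    return host.translate(LOOKALIKES)


def is_or_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(url):
    """Return ('trusted' | 'lookalike' | 'unknown', matched domain or None)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for domain in TRUSTED:
        if is_or_under(host, domain):
            return ("trusted", domain)
    # Not an exact match: does it only *look* like a trusted domain?
    folded = fold(host)
    for domain in TRUSTED:
        if is_or_under(folded, fold(domain)):
            return ("lookalike", domain)
    return ("unknown", None)
```

A "lookalike" verdict is a strong signal to quarantine or warn; an "unknown" verdict only means the host does not imitate a listed domain, not that the link is safe.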

Phishing emails can hit an organisation of any size and type. You might get caught up in a mass campaign (where emails are sent indiscriminately to millions of inboxes), or it could be the first step in a targeted attack against your company, or a specific employee. In these targeted campaigns, the attacker uses information about your employees or company to make their messages even more persuasive and realistic. This is usually referred to as spear phishing.

Given the risks posed both to the user as an individual and to the company to which that user belongs, it is always best to develop safe habits when clicking on links sent via email. One such habit is checking the sender's full email address: some phishing attacks involve attackers posing as people you may know, but the full address will reveal an unfamiliar email address. Other attacks involve attackers gaining access to a user's mailbox outside (or inside) the organisation and sending links to all of its contacts. With this kind of attack, the best practice, if the email was not expected, is to check with the sender via another method (e.g. phone, text, in person) that they meant to send the link.

As phishing attacks become more common and attackers learn to use new methods, it is more important than ever to keep up to date with Cyber Security. That's why here at Lincoln IT we have solutions available to help educate your users on some of the sneakier methods attackers may use, and to help them put "safe clicking" into practice to stop attackers in their tracks.

To arrange a free consultation of your Cyber Security strategy or your entire IT Infrastructure, please contact us via 01522 282120 or