Phishing is a very common form of cybercrime, where criminals try to steal personal information or credentials. They often do this through sending official-looking messages, asking you to log in on a non-company website or to provide sensitive information (such as usernames, passwords, ID photocopies) directly through email. Avoid falling prey to these practices by applying the S.A.F.E.-rule. An originally Dutch acronym designed to help you determine whether any communication is legitimate.
S – Style of Writing
Always read emails that ask for information carefully. Are there any spelling errors? Oddly structured sentences? Always trust your gut: if a message is full of errors and/or looks weirdly written, you’re likely reading a phishing message.
A – Sender (‘Afzender’)
Double check who sent the email. Not just the name, but the actual email address. Many phishing emails are sent from random, weird addresses like email@example.com. Additionally, it pays to double check even if the sender seems legit. For example: we send emails from an @master-soIutions.nl address. Now copy-paste that into an empty document and change the font. See? One of those Ls is actually a capital i. Be wary of the tricks these cybercriminals use to impersonate email addresses.
F – Fake Link
If there’s any doubt in your mind whether a message is legitimate, do not click on any links or open any attachments. You can easily check website links by hovering over the link and checking the lower left corner of the screen. If the link does not refer to the website of an official or trusted company (Google is your friend!), don’t click it.
E – ePrivacy
Remember: trusted companies will never ask you for personal details or login information in an email or text message. So if you’re asked to directly provide any account details or personal information to an employee, you’re almost surely dealing with a phishing attempt!
Being aware of techniques to steal (personal) information is one of the most important skills you can have, since the biggest chunk of hacks and information leaks can be led back to ‘Social Engineering’: the misuse of the general nature of humans to trust each other. If you want to read more about social engineering, we talk about it in our blog outlining the biggest cybersecurity threats to companies in 2021. Now that you’re armed with all this knowledge, you’ll be a hard one to fool!