What is phishing?

Phishing is a form of fraud carried out via e-mail or SMS, in which someone tries to obtain your information. When people think of email scams, many probably think first of Nigeria emails. Unfortunately, those who attempt these attacks have become smarter and smarter. According to figures from Unit 42, ransom payments increased significantly during 2020 alone. It therefore makes sense to have training both within the family and, even more importantly, among your colleagues at work. Does the company you work for have this on its agenda when it comes to security?

Last week we spoke to one of our experts, who told us that many attacks can be prevented with the help of colleagues and active awareness within the organization. It requires that you can recognize an attack when it appears. And often an attack appears in the mailbox!

Do you want to read more about what our experts say about safety in everyday life? Take a look here. 

We test ourselves

I, Mathilde, have even taken a trip into the spam folder of my private email to bring out various actors who constantly test and tempt me in the form of phishing. Here is some of what I found:

  • "ELKJOP" wonders if I'm keen on a PlayStation 5.
  • "Coop" tells me that I am an important customer and that I have therefore won an exclusive prize.
  • "Digifinans.no" says that they give different players the opportunity to compete to give me a loan.
  • "Bitcoin" says they are ready to receive my first payment. I just need to scan a QR code.
  • "Gate777" is ready to send over approx. 25 kroner. I just need to confirm my information.

What do they want? They are probably after information such as: username, password, other e-mail addresses, telephone number, social security number, account number and bank card number.

When I present it in this way, it is naturally a little fun to look through. Unfortunately, more people than we realise fall for such emails. In addition, the emails have become even more cunning than that, and the "phishers" manage to make things look more and more like the real thing.

Public agencies such as the Tax Administration and municipalities have noticed this, as have actors we deal with on a daily basis, such as Norway Post or various food chains. An e-mail can look so convincing that people click through without a second thought and give their data to what they think is the real actor. It is often only afterwards that you realize that the e-mail address is not the same as the last time you received an email from them. And does the Tax Administration actually put links in its emails? These are the things we want you to question. Always. If in doubt, ask a colleague before you click.

In addition, there is a completely separate method that does not rely on a brand. It even has its own name: director fraud or CEO fraud. It is simply phishing with a twist. Here, scammers pretend to be the management of a company and ask for things like getting a specific invoice paid or transferring money to an account they have chosen. The account is usually located abroad. Scammers go so far as to collect names, buy domains and create fake email addresses that may look very much like the real thing. Those who work with finance are especially exposed in this context.

We have extensive experience in handling corporate security solutions, and we can make overall assessments of your current security. Read more about it here. 

How to prevent at home and at work

Many people make mistakes, and to prevent this from happening, it is good to have some ground rules or habits that come naturally.

We recommend that you:

  • Always double-check that the email address, sender's name and subject line look natural, are free of typos and closely resemble other emails you have received from this sender.
  • When asked to "click on the link", double-check what is in the link itself before clicking. Hold the mouse over the link and you will see the link address. Is it a real website with a domain that is natural for the sender? If not, do not click.
  • Skeptical? Feel free to check the sender's official website to see whether fraud attempts are in circulation. See, for example, Posten.no.

Phishing is just one of many ways to obtain your private information as well as sensitive and valuable company information. We recommend that you keep your eyes open and that your company has a good plan for training in this. Do you need expert help? We offer all steps in digital security: from assessing what assets you actually have and the threats you should prepare for, to what equipment you need in everyday life and how your colleagues and employees can be as safe as possible.