Phishing, Social Engineering, Spear Phishing, Whaling – it’s all Fraud!

Recently, the university has been targeted by online criminals via fraudulent emails. Knowledge is absolutely our first line of defence. Learn the jargon and know what to look out for:

Phishing

Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

Social engineering

Manipulating people into carrying out specific actions, or divulging information, that’s of use to an attacker.

Spear-phishing

A more targeted form of phishing, where the email is designed to look like it’s from a person the recipient knows and/or trusts.

Whaling

Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.

Extracts from NCSC Glossary (www.ncsc.gov.uk)

Watch this short video from Google on how to avoid a social engineering attack.

In addition to the advice given in the video, always remember to follow the policies and procedures already in place within the workplace to ensure attacks are not successful, such as requesting authorisation from another member of staff and asking the requester to complete an official form.

If you think you have received an email that may be fraudulent, you should send the entire message as an attachment to the Information Centre at information.centre@stir.ac.uk. We will forward it to a service set up for public sector organisations, which works to have the sites responsible taken down by their ISPs. They have more power than any individual person or organisation, so this is a useful service.

Useful Link

Get Safe Online – free expert advice https://www.getsafeonline.org/business/