Here is what we're working on and thinking at Hedgehog Security.

Welcome to the first in my "Defend Yourself" series. Each month I will be looking at the different ways to defend yourself on the internet. This month I am looking at the all-too-common phishing attack.

Deceptive Phish

The deceptive phish is the one you will see in your junk or spam folder most of the time. These can be really poorly written, which is what makes them so dangerous. Think about it for a minute. You EXPECT these to be in your junk or spam folder, so when one lands in your inbox you tend to read it. When this happens, the email generally looks like it originated from a recognised source and will ask you to perform an action. Common actions may be:
  • Verify your account details
  • Reset your password
  • Update your personal information
  • Review a recently uploaded document
  • Log in
Spotting the deceptive phish should be reasonably simple.
  • Ask yourself, do I use this service?
  • Is the greeting generic?
  • Is the information something that the sender already has?
If you really need to check, log into that service using the URL you would normally use. Do NOT click the links.

Spear Phishing

Spear phishing is more sophisticated than the blanket approach of the Deceptive Phish. The communication will be aimed directly at you, often with your name in the greeting. These communications may contain spelling and grammar mistakes, but it is equally true that they may be perfectly worded. The one thing common to all Spear Phishing communications is that they will want you to perform an action. Common actions may be:
  • Verify your bank details
  • Log into your remote access
  • Update or reset your work password
  • Review a document
Spotting the spear phish can be hard, but look for:
  • The context in which the communication is written. Does the sender write like this?
  • Is there an ultimatum?
  • Is there some kind of time deadline?
If you really need to check, phone the person who sent you the communication using the number you already know, not the one supplied in the communication. Do NOT click the links.

CEO Fraud

The attackers use an email address that is similar to that of a senior member of the business and will ask that a payment is made or data is sent to someone else urgently.
These phishing attacks should be easy to defeat. If you are asked to do something urgent, verify the request by picking up the phone and calling the alleged requester on a number you have for them already.
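
A mail filter or helpdesk script can catch the "similar email address" trick before a person has to. The sketch below is an added example, not code from Hedgehog Security; the trusted domain, the sample addresses and the distance threshold are constructed assumptions.

```python
# Added example: flag sender addresses that imitate a trusted domain.
# Every address and domain below is constructed sample data.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(domain):
    """Collapse characters that look alike on screen (1/l, 0/o, rn/m, vv/w)."""
    return domain.translate(FOLD).replace("rn", "m").replace("vv", "w")

def sender_domain(address):
    """Take the part after the last '@', lower-cased, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def classify_sender(address, trusted_domain, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unrelated' for one sender address."""
    domain = sender_domain(address)
    trusted = trusted_domain.lower()
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    org_label = trusted.split(".")[0]  # e.g. 'example' from 'example.com'
    if (fold(domain) == fold(trusted)                        # look-alike characters
            or edit_distance(domain, trusted) <= max_distance  # typo-style variant
            or org_label in domain):                         # name embedded elsewhere
        return "lookalike"
    return "unrelated"

SAMPLES = [  # constructed sender addresses
    "ceo@example.com", "ceo@examp1e.com", "ceo@exarnple.com",
    "ceo@exampel.com", "ceo@example-payments.com", "news@unrelated.org",
]

def triage(addresses, trusted_domain):
    """Classify a batch of sender addresses against one trusted domain."""
    return {a: classify_sender(a, trusted_domain) for a in addresses}

if __name__ == "__main__":
    for addr, verdict in triage(SAMPLES, "example.com").items():
        print(f"{verdict:10} {addr}")
```

A "trusted" result only means the domain text is the expected one; it does not prove who sent the message, so the phone call described above still applies to any urgent request.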

Frauday Friday - Conveyancing and Banking Fraud

Very similar to CEO fraud, although these very commonly happen on a Friday just before lunch. These phishing attacks should be easy to defeat. If you are asked to do something urgent, verify the request by picking up the phone and calling the alleged requester on a number you have for them already.