Phishing Awareness and Cyber Security
Phishing is a type of cyber-attack that relies on deception. Attackers send fraudulent emails, text messages, or other communications that appear to come from legitimate organisations. The goal is to manipulate recipients into:
- revealing personal or financial information,
- disclosing login credentials, or
- clicking links that install malicious software.
Phishing is the most common form of social engineering, and its effectiveness relies on human error rather than technical flaws.
The above example demonstrates the characteristics of a phishing attempt disguised as a copyright infringement notice from Instagram. Key indicators include:
- Suspicious Sender Address
  - The email claims to be from Instagram but originates from a non-Instagram domain (email-team-online.com).
  - Legitimate organisations use consistent, official domains.
- Urgency and Induced Panic
  - The subject line and body suggest imminent deletion of the account within 24 hours.
  - Phishing attacks often create false urgency to discourage careful scrutiny.
- Call to Immediate Action
  - The message prompts the recipient to “Secure my account now.”
  - Urgency combined with a direct link is a common phishing tactic.
- Deceptive Links
  - Hovering over the “Secure my account now” button reveals that the URL does not lead to Instagram.
  - Links that mask or misrepresent their destination are a critical warning sign.
Common Features of Phishing Attempts
Phishing messages can take many forms, but they typically exhibit several of the following characteristics:
- Unexpected sender or unfamiliar domain name
- Generic greetings such as “Dear user” or “Hello customer”
- Unusual tone — overly formal, overly casual, or inconsistent with the organisation’s typical communication style
- Requests for login credentials, financial details, or personal data
- Links or attachments that prompt immediate interaction
- Threats or urgent deadlines designed to force quick action
- Too-good-to-be-true claims, such as winning a prize or gift card
Recommended Protective Measures
To reduce the risk of falling victim to phishing, apply the following practices consistently:
- Do not download or open attachments from suspicious or unsolicited emails.
- Inspect links before clicking by hovering your cursor over them to verify their true destination.
- Do not provide usernames, passwords, or financial information via email. Legitimate organisations will never request such details in this way.
- Be sceptical of urgent demands or threatening messages. Pause and verify authenticity through official channels.
- Report suspicious emails to IT support immediately for investigation and action.