Phishing
Part of:
- Email security
Explains phishing, Hwb’s anti-phishing measures and how users can avoid a phishing attack.
Overview
Phishing is the term generally used for e-mails that try to persuade people to give up sensitive information, primarily passwords.
Phishing e-mails normally pretend to be from a trusted source using one or more of the following tricks:
- Faking the sender’s e-mail address
- Copying images and styles from genuine e-mails
- Using urgent or ‘panic’ inducing messages
Phishing e-mails used to be easy to identify because they had spelling mistakes or grammatical errors; however, they are becoming increasingly sophisticated.
Phishing e-mails will almost certainly include an attachment or link that you are encouraged to access. An emerging strategy is to create a copy of the Microsoft 365 login page so that an attacker can capture the username and password of unwary users.
Hwb anti-phishing measures
Hwb email has been configured with a number of technical controls to minimise the number of phishing e-mails delivered to Hwb users. They include:
- Microsoft 365’s anti-phishing service - uses machine learning and detection algorithms to detect phishing e-mails.
- DMARC - enables organisations to let other e-mail systems know what to do with e-mails that do not come from Hwb authorised senders.
- Microsoft 365 Safe Links - provides filtering to block access to known malicious websites. It should be noted that this may not be effective against all sites and therefore does not remove the need for individual vigilance!
How to avoid a phishing attack
- Only access Hwb from your browser Favourites or by typing the Hwb URL (https://hwb.gov.wales) into the browser address bar.
- If you receive an e-mail that is encouraging you to access a link or open an attachment, pause and consider whether you are expecting the e-mail and whether there are any tell-tale signs that it might not be genuine.
- If you suspect that an e-mail may not be genuine, follow these steps:
  - Log in to Hwb and navigate to the Outlook application in Microsoft 365.
  - Click on the phishing e-mail (the e-mail itself, not any links or attachments within the e-mail).
  - Click on the dropdown arrow next to Reply all.
  - Click Mark as phishing.
Top three things to remember if you suspect a phishing e-mail:
- Do not open any file attached to a suspicious e-mail.
- Do not click on any links within a suspicious e-mail. If you have already clicked on the link, do not enter any personal information.
- Do not reply to a suspicious e-mail.
If you have already entered your personal details, please report this to the Hwb Service Desk as soon as possible, because your Hwb account may have been compromised: support@hwbcymru.net / 03000 25 25 25.