As part of our Cyber Security awareness campaign, we’re covering a new topic each month to help boost your knowledge and keep you and the University safe and secure.
This month we talk ‘Data Entry Phishing’ and the ways cyber criminals use this technique to target you and your data.
Ok, so what is Data Entry Phishing?
In simple terms, Data Entry Phishing is a form of hacking. Cyber criminals use fake forms on bogus websites to deceive people into entering sensitive data which can then be stolen or damaged.
A Data Entry Phishing attack might for example play out like this:
- Victim receives a bogus email or SMS message (which appears genuine) requesting urgent clarification of personal information.
- The email points the victim to a bogus but plausible website via a link.
- When the employee opens the link, they are directed to a form and asked to enter their sensitive data which the hacker then steals and uses for criminal gain.
- In some cases, the victim is then redirected to a genuine website to make the whole process appear more legitimate.
Because this form of hacking doesn’t involve malware, it can be very difficult to detect and in many cases victims don’t realise anything is wrong even after the attack has happened.
What can I do to keep myself safe?
Check out our five top tips below to keep yourself safe from Data Entry Phishing.
- Check who your message is from - Always doublecheck a sender’s email address and look for inconsistencies. If you receive an unexpected request for information, contact the organisation directly via a trusted channel.
- Use strong and unique passwords - Make sure your passwords are complex and use a different one for each account you use. You can use a password management tool to keep your passwords safe.
- Watch out for common mistakes and red flags – look out for messages that imply your action is urgent, criminals want you to act quickly without thinking. Watch out for typos and grammar errors too.
- Use Multi-factor authentication - Whenever you can use multi-factor authentication (MFA) to protect yourself at work or at home. MFA gives you an extra layer of security by asking for a second type of verification like a code sent to your phone.
- Keep up to date with training - Make sure you stay up to date with the latest cyber threats and best practices – a good way to do this is to complete our monthly cyber security training!
How to learn more
Each month, we’re releasing a matching bitesize training via Proofpoint, our online learning platform, which is emailed to you. This month’s training will arrive in your inbox on Tuesday 18 March.