Phishing, simply put, is a type of scam. It’s a fraudulent process by which an “attacker” attempts to steal your identity by acquiring sensitive information – such as your username, passwords, personal identity number, or credit card or bank details – by masquerading as a trustworthy entity.
Phishing attacks are occurring with increased frequency and with an increased level of sophistication. The risks are real both in a business environment and in your personal capacity.
Typically carried out via email, instant messaging and text messages, phishing frequently includes the use of proprietary logos and branding, such as a “from” line disguised to appear as if the message came from a legitimate sender.
Phishing emails or messages usually contain a link to an authentic-looking website or email address that will capture information from the unsuspecting user. Without realising it, people are falling for phishing attempts as these emails and websites evolve and look more authentic.
A more targeted form of this attack is called “Spear Phishing.” Unlike standard phishing schemes that use mass emails, these schemes target individuals that fit a certain profile. For example, they may only target people whom scammers believe to be affluent employees of a specific company or governmental agency, or users of a specific site.
The aim of these attackers is to get the reader to divulge sensitive information about themselves and/or their organisation.
You can’t prevent phishing attempts; however, you can reduce the risk of becoming a victim by following some simple steps:
- Do not assume that spam filters will catch all illegitimate emails. Even if a message appears in your inbox, that does not mean it is genuine. Be alert to signs that the message is fraudulent, such as misspellings, poor grammar, and other irregularities. For example, beware of emails addressed to ‘Dear Customer’; as a general rule these are scams of some type.
- Phishing attempts often ask for financial or personal information. Unless you have validated the source and the site, never provide personal or business information through a form on the internet. Legitimate organisations do not ask you to verify your username or password via emails or text messages as they already have that information.
- Phishing emails often link to web addresses that look very similar to authentic websites, including logos and branding. Never click on links in emails if you are suspicious. Instead:
  a) Hover your mouse over the link to see the actual URL (website address), which might be different from what shows up in the text.
  b) Do not click on a link. Type (do not copy and paste) the company’s URL directly into a browser to determine if the request is legitimate.
- Do not open email attachments from unfamiliar sources. In particular, email attachments with “.scr,” “.com” and “.exe” file extensions may be malicious and could contain malware or a virus.
- Beware of random pop-up screens.
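The link and attachment checks in the steps above can also be run automatically over a message before a person opens it. The Python below is an added example, not code from KPMG: it flags links whose visible text names one host while the underlying address goes to another, and attachments with the extensions listed above. The function names, the sample message and its reserved `.test` domains are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXT = (".scr", ".com", ".exe")  # extensions named in the advice above

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(value):
    """Hostname of a URL or bare domain, or None if value is not one."""
    value = value.strip()
    try:
        host = urlsplit(value if "://" in value else "http://" + value).hostname
    except ValueError:
        return None
    return host if host and "." in host and " " not in host else None

def link_mismatches(html):
    """Links whose visible text names one host while the href goes to another."""
    parser = _Links()
    parser.feed(html)
    return [(text, href) for text, href in parser.links
            if _host(text) and _host(href) and _host(text) != _host(href)]

def risky_attachments(msg):
    """Attachment filenames whose final extension is in RISKY_EXT."""
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and n.lower().endswith(RISKY_EXT)]

def sample_message():  # constructed message; .test domains are reserved names
    msg = EmailMessage()
    msg.set_content("Plain-text part")
    msg.add_alternative('<p>Sign in at <a href="http://examplebank.login.test/'
                        'verify">www.examplebank.test</a></p>', subtype="html")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="statement.pdf.scr")
    return msg
```

Pass `link_mismatches` the HTML part of a message, for example `msg.get_body(preferencelist=("html",)).get_content()`. A link whose visible text is plain wording rather than an address is not flagged, so hovering over such links is still necessary.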
For more information, contact:
External Communications Manager
+64 9 367 5977
+64 21 335 740
About KPMG New Zealand
KPMG is focused on fuelling New Zealand’s prosperity. We believe by helping New Zealand’s enterprises succeed, the public sector do better and our communities grow, that our country will succeed and prosper.
KPMG is one of New Zealand’s leading professional services firms, specialising in Audit, Tax and Advisory services. We have 825 professionals who work with a wide range of New Zealand enterprises – from privately owned businesses, to publicly listed companies, government organisations, and not-for-profit bodies. We have offices in Auckland, Wellington, Christchurch, Hamilton and Tauranga.
Globally, KPMG operates in 156 countries, employing 152,000 people in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity.