“Phishing” is the most common type of cyber attack that affects users. These attacks can take different forms. However, the goal is always the same - to get you to share sensitive information such as login credentials, credit card information or bank account details. Although we try to protect our customers from cyber threats, we rely on you to be our first line of defense. We’ve outlined a few different types of phishing attacks that you should be careful of:
Phishing: In this type of attack, attackers impersonate a real company to get your credentials. You may receive an email asking you to confirm your account details with a link that takes you to a fake login screen, which sends your details directly to the attackers.
Spear phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker look like a legitimate source. They may use your name and phone number and refer to the company in the email to trick you into thinking they have a connection to you, making it more likely that you will click on a link or attachment they provide.
Whaling: whaling is a popular trick that aims to trick you into transferring money or sending sensitive information via email to an attacker by pretending to be a real company executive. Using a fake domain that seems to be similar to that of the company, they look like normal emails from a company employee and ask you for sensitive information (including usernames and passwords).
Shared Document Phishing: You may receive an email that appears to be from a file-sharing website, such as SharePoint, and tells you that a document has been shared with you. The link contained in these emails takes you to a fake login page that mimics the real login page and steals your account information.
What you can do:
To avoid these phishing schemes, please follow these email best practices:
Don’t click on links or attachments from senders you don’t know. Be especially careful with .zip or other compressed or executable file (.exe) types.
Do not share sensitive personal information (such as usernames and passwords) via email.
Watch out for email senders that use suspicious or misleading domain names.
Check URLs carefully to make sure they are legitimate sites and not fake ones.
Do not try to open a shared document that you do not expect to receive.
If you cannot tell whether an email is legitimate or not, please contact abuse@sunrise.net.
Be extra cautious about opening attachments or clicking links if you receive an email with a warning banner indicating that the email is from an external source.
Don’t forget about smishing, where data is stolen via SMS and devices are infected. In this form of fraud, potential victims are lured with links in text messages, which in turn point to deceptive sites in order to scam customer data.
These tips should help you make your user experience as safe as possible. Thank you for helping to protect yourself and our network from cyber threats.
Please let us know if you have any questions. We are happy to help!
Greetings,
Sunrise Community Team
Related Links
General: https://www.ncsc.admin.ch/ncsc/en/home/cyberbedrohungen/phishing.html
Recent incidents: https://www.ncsc.admin.ch/ncsc/en/home/aktuell/aktuelle-vorfaelle.html