Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    UK Users Should Be Aware of Census-Themed Phishing Attacks

    Census-Themed Phishing AttacksUsers in the UK should be on the lookout for census-themed phishing attacks, according to Paul Ducklin at Naked Security. Participating in the census is mandatory in the UK, and people who didn’t complete the census by the March 21st deadline will begin receiving warning letters informing them that they could be fined £1000 if they fail to send in their form.

    Cybercriminals are taking advantage of this by sending text messages telling recipients that their census application is missing information. This ensures that even people who have completed the census will want to click the link. The link leads to a convincingly spoofed phishing site designed to steal their personal information.

    Ducklin offers the following recommendations to help people spot phishing scams:

    “Check the domain name on websites carefully. UK government sites should end gov.uk. It’s hard for crooks to get control of one of those – they can’t just be bought online like .com domains can. Also, watch out for domain names where the left hand end looks legitimate, but the right-hand end says that it belongs to someone else, as in a name like census.gov.uk.example.com. The person who owns example.com also owns and can use all domain names that end with that name, not just plain example.com itself.

    “Don’t use links in text messages or emails. The Census 2021 website is well-known and easy to find through reliable sources, including printed on the Census snail-mail you ought to have received. If you find your own way to a website where there is supposedly an “issue”, you won’t get suckered by fake links – whether that’s a “problem” with your bank, a “missed” home delivery or an online “order” you never actually placed.

    “Be extra cautious of links in text messages (SMSes). Text messages are short, simple and often written in abbreviated English, so the crooks are much less likely to make spelling and grammatical errors that might otherwise tip you off.”

    New-school security awareness training can help your employees recognize red flags associated with social engineering attacks. And keep a careful eye on text messages: they’re not all LOL.

    Naked Security has the story.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews