What is phishing and how to look out for it?
The online world has its dangerous side and phishing is one of the most common types of cybercrime. We look at what types of phishing are out there, how to spot schemes against you and how to stop phishing attacks.
What is phishing?
In the world of cyber-crime, phishing is any attempt to steal sensitive personal data for criminal and fraudulent purposes. Phishing attempts try to obtain information such as usernames, passwords and credit card numbers by impersonating a trusted person or organisation in digital communications.
It goes without saying you should always try to avoid opening anything that even looks remotely like a phishing attempt and never click on any links connected to it. Don’t worry, there are ways to protect yourself and arming yourself with some extra know-how will be beneficial in the long run.
Common types of phishing
Phishing scammers often use emails, SMS messages, social media or other messages to try and make it look like you are receiving genuine content from a trusted company or brand. The messages tend to be designed to entice you to reveal personal information they can exploit for criminal gain.
Fake email is at the heart of phishing. In a typical phishing attempt, scammers will ask you to click on a link and enter personal information, such as bank details, or open an attachment that will install malicious software (known as malware) on your computer or tablet. It’s one of the most common types of scam and, scarily, it has been reported that 30% of all phishing messages are opened by the users they target.
Other types of phishing
As time moves on, malicious actors get more elaborate and try different things. Spear phishing is the practice of sending emails that appear to come from a known or trusted sender in order to get you to give up confidential information. You might also hear the term ‘Whaling Attack’: this is when cyber criminals pretend to be a senior person in an organisation (often a CEO) and also target senior staff members to try and get them to reveal sensitive data. Here are some of the more popular scams to be aware of.
How to spot a phishing scam
Phishing attempts are getting more sophisticated in their methods and increasingly difficult to spot. If you keep an eye on what arrives in your inbox though, there are a few tell-tale signs to look out for. If you are the recipient of a dodgy-looking email, ask yourself these questions:
- Who sent it? Phishing emails often come from suspicious-looking email addresses that do not match the sender’s displayed name. You can find out the real email address by hovering your mouse over the sender’s name. Generic email platform addresses, like Gmail, are a sure sign of a scam, as are strange variants of the sender’s domain (or company name).
- Did you ask for the email? If you didn’t sign up for any service, chances are it could be a phishing situation.
- Are there unexpected attachments? You have to be especially careful if there are documents attached. It is likely to be an attempt to trick you into downloading malware on your device. As a rule of thumb, documents will only ever be attached if you requested them or they are directly relevant to a service, such as invoices or policy information.
- Are you being asked for security information or personal details? Sometimes a company will ask you for personal details. Usually this happens when you sign up, and on their company webpages. Generally, you shouldn’t be asked for extra or unsolicited information, and they should not be asking for full passwords or PIN numbers; none of these are secure in an email! The same naturally goes for credit card details or login information.
- Is the message using urgent or threatening language? Phishing scammers know people procrastinate on emails and so they often ask you to act quickly (or now!) so that you don’t have time to think about it. Click now, pay the price later.
- Is the language used odd or does it contain errors? With more current phishing emails, company logos can look very accurate, but the wording can seem questionable. Look out for sentences that are spelt correctly but the grammar seems off, or as if it has been pasted in from translation software.
- Does it resemble other emails from this company? As we mentioned above, some phishing emails have gone to greater lengths copying the look of official emails. One example would be a set of PayPal scams that circulated recently, which had accurate copies of the company logo. If it looks phishy, check the email address carefully and again check to see if they are asking you for more details than you expected, such as account numbers the company should already have on file.
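The checklist above can be partly automated. The following is an added example, not part of the original article: a short Python check for four of the signs (real sender address, attachments, urgent language, requests for security details). The provider list, keyword patterns, function name and sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed provider set and keyword patterns, chosen for this illustration only.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
URGENT = re.compile(r"\b(urgent|immediately|act now|suspended)\b", re.I)
SENSITIVE = re.compile(r"\b(password|pin|card number|login details)\b", re.I)

def phishing_signs(raw, expected_domain):
    """Return the checklist warning signs found in a raw email message."""
    msg = message_from_string(raw)
    _display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    signs, text = [], [msg.get("Subject", "")]
    # Who sent it? Judge the real address, not the display name.
    if domain in FREE_MAIL:
        signs.append("generic-mail-provider")
    elif domain != expected_domain and not domain.endswith("." + expected_domain):
        signs.append("sender-domain-mismatch")
    for part in msg.walk():
        if part.get_filename():                      # Unexpected attachments?
            signs.append("unexpected-attachment")
        elif part.get_content_type() == "text/plain":
            text.append(part.get_payload())          # sample body is unencoded
    content = "\n".join(text)
    if URGENT.search(content):                       # Urgent or threatening?
        signs.append("urgent-language")
    if SENSITIVE.search(content):                    # Asking for security info?
        signs.append("asks-for-credentials")
    return signs

# Constructed sample message; every name and address in it is made up.
SAMPLE = """\
From: "Example Bank Support" <example.bank.help@gmail.com>
Subject: Urgent: your account will be suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Act now and confirm your password and PIN by replying to this email.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

UEsDBA==
--b1--
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE, "examplebank.example"))
```

A clean result does not prove a message is genuine; the remaining questions in the checklist (did you ask for it, does the wording read oddly) still need a human eye.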
How to prevent email phishing
It would be very difficult to prevent all phishing messages from coming to you in the first place but there are some actions you can take to eliminate danger after they arrive. If you see something you suspect might be the work of cybercriminals, here are three actions to take:
- Delete the email or message straight away. Don’t forget to also flag it as ‘spam’ or ‘junk’ so your email provider can aim to filter out similar messages in future.
- Keep your security software up to date. This will often warn you of suspicious emails, as well as tackling malware before any damage is done.
- Contact your financial institutions or organisations. Report any incidents quickly to your bank, credit card provider or mobile phone network.