Phishing scams are one of the most prevalent forms of cyber crime, and unfortunately they happen on a daily basis. A phishing scam is an attempt by criminals to steal confidential information from you. These scammers will send out thousands and thousands of emails pretending to be banks, credit card companies, utility companies, online auction websites and other organisations in an attempt to fool you.
What is Phishing?
“Phishing” (pronounced “Fishing”) is a term that refers to online identity theft. This form of cyber crime is unfortunately becoming more prevalent amongst hackers. By using fraudulent websites, false email addresses and other plausible methods online, those behind phishing scams attempt to steal your personal data, including passwords, credit / debit card information, login details to various websites and account information.
Criminals get hold of this information by sending you emails and links to websites that look familiar and trusted, such as your online banking provider, social media networks, utility providers and more. Some of the websites that are spoofed most regularly include banks, auction websites, PayPal, eBay, Apple, Microsoft and many, many more.
Online criminals now create far more sophisticated fake websites and spoof emails than the more “obviously” fake ones that used to be distributed in years gone by, so it is becoming increasingly hard to tell a phishing email or website from a genuine one. However, there are ways in which you can protect yourself against phishing scams.
How can I protect myself against Phishing?
What to look for and how to detect a fake email
It is really quite easy to spot a fake email if you look carefully. We go into more detail below; however, here is a handy bullet point list to refer to if you are ever in doubt as to the authenticity of an email.
- A fake email will ask for personal information, such as username, password or credit card / debit card details. Your bank would never, ever do this.
- The email address used to send the fake email will not exactly match the organisation.
- It is highly likely that the fake email will have been sent using a free email account, such as Gmail, Hotmail, Yahoo or similar.
- The email will address you in a generic way, such as “Dear Customer” or some other non-specific greeting, rather than your first name or surname.
- A fake email will try to make you think that there is a sense of urgency, with sentences like “act now or your account will be suspended” or similar.
- The link in the email won’t exactly match up to the genuine organisation, even if it is very close to it – it may be as close as one character or letter different, so be vigilant about this.
- You were not expecting to receive an email from that organisation, or the email might come as a surprise, if you haven’t received genuine emails from them in the past.
- A fake email can sometimes be made up of just images, including the area that looks like the text of the email. The whole email is then one big hyperlink, so no matter where you click within it you will be taken to a fake website. Be careful not to click anywhere on the email.
Hover over the website links
A top tip when looking at any website links in a Phishing email or on a website that you suspect is fake is to hover over the website link with your mouse – but don’t click on it – and if you look in the status bar at the bottom of the email window or browser/tab, you will see the actual link to the web page that you would be taken to if you had clicked on the link. In most cases the website link will not relate to the actual company showing in the Phishing email or fake web page.
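The hover check, and the warning that a fake link may be only one character away from the genuine one, can both be automated for an HTML email body. The Python below is an added example, not part of the original article; the function names, the `examplebank.example` domains and the sample links are constructed for illustration, and the list of trusted domains is an assumption you supply yourself.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)  # text that is itself a URL

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):  # lower-cased hostname of a URL or bare domain, minus "www."
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return re.sub(r"^www\.", "", host.lower())

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([(dict(attrs).get("href") or "").strip(), ""])
            self._open = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def audit_links(html_body, trusted):  # -> [(link host, reason), ...]
    parser, findings = LinkCollector(), []
    parser.feed(html_body)
    for href, text in parser.links:
        host, text = host_of(href), text.strip()
        if URLISH.fullmatch(text) and host_of(text) != host:  # shown vs real destination
            findings.append((host, "text-mismatch"))
        if not any(host == g or host.endswith("." + g) for g in trusted):
            # compare as many trailing labels as each trusted domain has
            tails = [".".join(host.split(".")[-g.count(".") - 1:]) for g in trusted]
            if any(edit_distance(t, g) == 1 for t, g in zip(tails, trusted)):
                findings.append((host, "lookalike"))
    return findings

SAMPLE = ('<a href="http://examp1ebank.example/login">www.examplebank.example</a>'  # constructed
          '<a href="https://www.examplebank.example/help">Help centre</a>')
```

Calling `audit_links(SAMPLE, ["examplebank.example"])` flags the first link twice (its visible text names a different host, and the real host is one character away from the trusted domain) and leaves the genuine help link alone.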
What to look for and how to detect a fake website
All modern web browsers, such as Firefox and Chrome, will automatically filter and warn you of Phishing websites and give you the option to “proceed to safety”. However, they are not always 100% successful, so here are some tips to spot fake websites.
- Use your instincts – if something doesn’t look quite right – or even slightly wrong – then it probably is a fake/Phishing website. Close the page.
- The website address will not match that of the genuine organisation “exactly” – it could be as close as one character or number different, so be aware of this.
- Many genuine websites are encrypted nowadays – this means a small padlock will display next to the address bar. This shows that you are securely connected to the website, although a padlock on its own does not prove that the website is genuine, so still check the address.
- Fake / Phishing websites will normally ask you to enter personal information, such as username/password, credit/debit card details or other similar personal information in FULL when you may only be asked for SOME of this information on the genuine organisation’s website. If you are asked to enter all your information, contact the genuine organisation to verify this is correct first.
- You can also verify the destination of any link on the website by hovering over the link, right clicking on it, and then selecting “Properties” or similar from the popup menu that appears. From here you can check the actual destination that you would be taken to if you clicked on the link.
Don’t be pressured into giving over sensitive information
Online criminals like to use scare tactics to pressurise you into handing over sensitive information, such as threatening to disable an account, delay services or lock your account until you update certain information. Be sure to contact the genuine company directly to confirm whether or not this email has come from them – in nearly all cases it wouldn’t have.
Check things like privacy policies on genuine websites
A majority of genuine, commercial websites, such as eBay, PayPal, high street banks and others will have a privacy policy which can usually be found at the bottom of their website. Within the privacy policy you will find information on whether the company sells its mailing list to third parties or not, and more importantly the privacy policy will tell you the genuine organisation’s policies on sending emails to its customers, and whether or not you should expect to receive emails from them periodically.
Most of the spam emails you will receive on a daily basis – as well as potentially unsafe Phishing emails – are coming to you because a website you have signed up to in the past has sold your email address to a third party company. If you are not happy about having your email address sold on to other companies, you should think carefully about this whenever signing up to a website (and check their Privacy Policy).
Be wary of generic looking requests
Nearly all fake / fraudulent emails are not personalised; they will contain generic information and will have a generic greeting at the top, such as “Dear Customer” or “Dear Sir” or “Greetings Of The Day”. Any emails that come from genuine organisations will be personal – “Dear Mr Smith” or similar – and will reference your account details in the correct way. You will also find that you will receive some Phishing emails from organisations you aren’t signed up to or don’t have accounts with.
Never, ever submit confidential information via forms that show within the email. The information you send can be tracked. If in doubt, contact the organisation to verify the email is genuine.
Unless you are 100% certain that the link you are going to click on within the email is genuine, the best practice is to not click the link, but instead open a browser window and type the website address directly into the address bar. In many cases a Phishing website will look identical to the original, however the web address WILL be different.
Make sure you use a good antivirus package that will automatically block suspicious websites and emails. Some packages also authenticate major banking and shopping websites.
Final thoughts and summary
Whilst it is very, very important to ensure the integrity and authenticity of any website or email and be sure that, when sending personal details online, you are only sending them to genuine organisations, you shouldn’t let the concern of Phishing emails or fake websites deter you from enjoying the internet to its fullest and using it for all it can offer to you.
If you are in any doubt, the one golden rule is to make sure you very carefully check any suspect emails or websites before you proceed any further. Following this rule will ensure you keep yourself – and your personal data – as secure as possible.