Do you have “phishing awareness”?
You may have heard about internet ‘phishing’ and wondered whether you should be worried. Or worse, you may have been unlucky enough to have been victimized in the past. Either way, it’s important to know how to protect yourself from this pernicious type of internet fraud.
So, what exactly is ‘phishing’?
Phishing is a fraudulent internet activity aimed at tricking you into divulging personal details which can then be used against you.
Don’t make the mistake of thinking you won’t be fooled. Many highly cautious and tech savvy users have fallen victim to the scammers.
These unscrupulous folk will go to great lengths to lull you into a false sense of security and gain your trust. Being phished could result in the theft of your personal details – account information, credit card numbers, PIN numbers, passwords and much more.
How does ‘phishing’ work?
Phishing expeditions are typically carried out in the form of a spam email that appears to come from a perfectly legitimate source, usually a website or other source that you have regular online dealings with. It could be your bank or credit card or other finance company, an internet provider, an online retailer, your employer and even the government.
The email will ask you to confirm your personal information, often by asking you to click on what looks like a bona fide link to the company website so that you can update your details. When you click through, though, you are directed to a spoof site set up with the sole purpose of capturing your data. Chances are that you won’t suspect a thing and won’t notice the fact that the site is fraudulent.
But how do they persuade you to click on the link?
This is where it gets even more devious. The email usually contains an urgent call to action – threatening you with account closure, warning of an overdue invoice or of unauthorised activity on your account, or simply asking for a security update or missing account information. What’s more, scam artists are very adept at using company names, URLs, branding, logos, etc. to make their emails look authentic.
It all looks very plausible.
The Anti-Phishing Working Group (APWG) has been observing a truly shocking rise in the number of phishing attacks over the last few years, including a record-breaking increase of 250% between October 2015 and March 2016. Latest figures show that about 123,000 phishing attacks took place in March of this year alone, the highest number ever.
How to protect yourself from ‘phishing’
In light of these worrying findings, it is more important than ever that internet users are fully equipped to guard against phishing.
Here are our 7 top tips to keep you safe online:
1. Make it a golden rule to never reply to emails that ask for confidential information.
Banks, official organisations and reputable e-commerce companies will NEVER request sensitive personal data via email. Scam emails often contain urgent calls to action in the subject line (e.g. ‘Your account has been suspended’, ‘Unauthorised activity detected on your account’). Also, they generally are not addressed to you personally (e.g. Dear Customer, Dear Account Holder).
2. If you’re not sure whether or not the email may be legitimate, it’s safest to contact the company direct by phone or via their website to double check.
Type in their web address (rather than clicking on a link) and be cautious about any phone number given in the email. Phishers often use links within the email to take you to a spoofed site with a similar and very genuine looking address (e.g. mybank-online.co.uk instead of mybank.co.uk).
3. Never click on links, open attachments or download any files from unknown, unrecognised and untrusted senders.
Some phishing emails or other spam contain spyware – software that is used to record your internet activities – or Trojans that will allow hackers access to the data on your computer. Don’t trust pop-up screens: don’t enter personal information into one or click on one, and don’t copy a web address from a pop-up into your web browser.
In fact, even opening a spam email is a bad idea – it gives the sender confirmation that they’ve reached a live address.
4. The right way to deal with any ‘phishy’ emails you receive is to report them straight away.
Many companies have a dedicated security email that you should forward the suspicious email to so that it can be investigated and dealt with appropriately.
Once you’ve reported the email and forwarded it, delete it from your inbox forthwith.
5. The best way to keep your computer secure is by installing antivirus and anti-spyware software that will scan for malicious software on your computer and, if detected, disable it.
There are also spam filters to help protect you from receiving phishing emails. Finally, make sure your firewall is enabled and up to date at all times to block communication from unwanted sources.
6. It goes without saying that everyone should observe basic security etiquette for any online activities they carry out:
• Set strong passwords that are difficult to crack
• Don’t use the same password for all your online accounts
• Never share your PIN numbers or passwords with anyone, and don’t write them down.
• Never email any personal or financial information, even if you know the recipient. You just don’t know who may gain access to your (or the recipient’s) email account and compromise the security of your data.
• Be vigilant – remember that you could be the target of a spam or phishing attack anywhere online, so don’t be tempted to throw caution overboard.
7. Finally, check your online accounts and bank statements on a regular basis to make sure that no unauthorised transactions have taken place.
Report any suspicious activity immediately.
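The warning signs from tips 1 and 2 (an urgent subject line, a generic greeting, a link to a look-alike address) can also be checked automatically, for example in a mail filter. The sketch below is an added example, not part of the original article; the trusted-domain list, the phrase lists and the sample message are constructed for illustration, and it assumes a single-part HTML email.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example; phrases come from the warning signs in tips 1 and 2.
TRUSTED_DOMAINS = {"mybank.co.uk"}
URGENT = ("account has been suspended", "unauthorised activity")
GENERIC = ("dear customer", "dear account holder")

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # host name behind every <a href> in the body
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        host = urlsplit(href).hostname if tag == "a" and href else None
        if host:
            self.hosts.append(host.lower())

def is_lookalike(host):
    """True for an untrusted host that borrows a trusted domain's brand label."""
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    return not trusted and any(b in host for b in brands)

def phishing_signs(raw_message):
    """Return the warning signs found in one raw (single-part) email."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    signs = []
    if any(p in (msg["Subject"] or "").lower() for p in URGENT):
        signs.append("urgent subject")
    if any(g in body.lower() for g in GENERIC):
        signs.append("generic greeting")
    parser = LinkHosts()
    parser.feed(body)
    signs += ["look-alike link: " + h for h in parser.hosts if is_lookalike(h)]
    return signs

# Constructed sample message, using the spoofed address from tip 2.
SAMPLE = """From: MyBank <security@mybank-online.co.uk>
Subject: Your account has been suspended
Content-Type: text/html

<p>Dear Customer,</p>
<p><a href="http://mybank-online.co.uk/login">Confirm your details</a></p>
"""
if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A message that trips none of these checks is not thereby safe; the checks only cover the three signs named above.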