Phishing attacks are a nasty business. Not only do they have the potential to clear out a victim’s bank account, but they also leave the person feeling very foolish for having been tricked into giving away their details.
So, what exactly is a phishing scam, and how can you avoid falling for one? Here's what you need to know.
What is Phishing?
Phishing (which is pronounced the same as fishing) is an old style of internet scam that uses fake emails posing as warnings from banks or other organisations.
Within these communiques are links the reader can click, which take them to a page where they can enter their account details. Of course, these links do not lead to the authentic site, but instead to a place where the scammers harvest the login details of the victim.
What makes phishing attacks successful is that they often use the logos from the organisations in the emails, making them look like official messages.
How can I protect myself from a phishing scam?
While the more sophisticated scams can be harder to spot, there are some steps you can take to protect yourself from being fooled.
1. Don’t click on links
The golden rule is simply not to click on links in emails or messages that then require you to log in. Even if you’ve been sent an urgent warning that your password has been hacked, or that your account is about to be deactivated for one reason or another, don’t be tempted.
In the vast majority of cases these will be false messages, and if you decide to click on the link and enter your details, then expect your bank account to provide proof shortly afterwards.
It’s not always banking sites that are used; you’ll also see phishing attacks for Gmail, Facebook, Amazon, Apple, or other popular high-profile services that have your credit card details attached.
The best way to avoid being duped by one of these emails is to open a new window in your browser, type in the website address manually (not copying and pasting the link from the message), and then log into your account. If there is a problem, you will see it and can then take steps to fix it yourself.
2. Spot a badly written email
It’s true that the occasional typo can creep into any email, but scam emails are often badly written, with grammatical errors that betray the amateur nature of the composition.
Look for any weirdly constructed sentences that just seem wrong. This could be mixed tenses, strange use of language, or anything that stands out to you. Like this:
True, things have come a long way from the barely legible efforts of the early 2000s, but emails such as the one above are still common. Just watch out for those which are more eloquent and better formatted. The fact is, no-one is going to offer you millions of dollars, or pounds, or any currency out of the blue.
3. Don’t be tempted by prizes
What can be better than seeing a message appear in your inbox letting you know that you've won a competition that you can’t even remember entering?
Here’s what: not getting stung by a phishing scam!
If you suddenly find yourself the winner of a prize, and you're told to click this link and enter your details… stop. This is just a variant of the phishing attack we talked about earlier.
Sad as it is, the truth almost invariably boils down to this: if it seems too good to be true, it is.
4. Don’t help 'friends' in need
Ok, we admit, this one sounds pretty bizarre. Don’t worry though, it’s not a call for all altruism to be scrapped. Instead, it’s a warning against a particular style of attack.
The ‘stranded traveller’ is a pernicious scam that sends victims a message from a friend or loved one saying that they’re stuck abroad with no money (either it’s been stolen or some other disaster has befallen them) and desperately need you to wire them emergency funds.
As you might expect, those funds would disappear into the ether the moment you press send. Once more, the way to authenticate the situation is to contact the person who supposedly sent the message.
5. A checklist to remember
There are common themes running through the ideas above, so it’s worth boiling them down to the bare bones:
- Don’t click on email links which ask you to log into your account
- Don't give anyone your account details
- You haven't won competitions you didn't enter
- Don't send money unless you know that messages are real and come from the person they claim to be from
It’s a poor state of affairs when our advice is not to trust anything you receive in your inbox. But, we’d rather you be safe than sorry.