what is phishing?
Phishing E-Mails are, for me, the scourge of the Internet. Millions of phishing E-Mails are sent out by con men every day.
They trap and punish anyone who falls for them, and anyone can fall for them.
But what exactly are they? How do they work?
In this guide, we'll look at what Phishing scams are and how they work.
Because if you've got an E-Mail address, you're bound to get one sooner or later.
Fishing is a pastime where you throw out some bait to draw the fish in and hopefully, you'll get a bite.
Phishing is exactly the same in the online world.
Scammers throw out some bait, usually in the form of E-Mails, hoping to draw you into their website.
The E-Mail will have a link or button for you to click on. It will take you to the scammer's website.
The website could well be a copy of a genuine website.
But it's not the real thing, it's a fake. It's a trap.
If they get lucky, you'll not notice the differences and quickly fill in your details.
You'll literally give them your personal and banking details.
The whole phishing scam usually starts with an E-Mail. It'll look like it's from a genuine company or organisation.
What the scammers need, what they're desperate for, is for you to click the link or button that is included in the E-Mail.
That link will take you to a fake website. Their website.
It's often a copycat site of a genuine website. And it's very difficult to tell them apart. The real from the fake.
Once you're on the site, you'll type in your bank details, your credit or debit card details, happily believing that you're dealing with a genuine company.
But your not. Behind the website, there's a team of con artists copying down everything you type.
So how, exactly, do they get you to click that link in the E-Mail?
And why would anyone give out their personal and banking details?
the types of phishing e-mails.
Phishing E-Mails fall into three broad categories.
- Claim Now. Refunds, bonuses, payments, special offers, service upgrades etc. To get yours, you'll need to fill in this form.
- Panic. Your account has been hacked, suspicious activity, did you send money to, you're going to be cut off etc. Fill in the form.
- Curiosity. We tried to deliver, your parcel is waiting, your order is complete etc. Fill in the form
So now we'll look a little closer at each type, starting with Claim Now.
claim yours now.
Do you think you're paying too much tax? Well good news, the Tax Office agrees with you. Income tax refund. Collect £20
Your bank has been overcharging you. Your building loan matures. Receive £150
Great news, you've won. You have won second prize in a beauty contest. Collect £10
To anyone that's played the Monopoly game, you might recognise some of the above (it's the beauty contest that gives it away, but I couldn't resist).
And you might even smile to yourself, and say no-one's ever going to fall that.
But here's the thing. They do. We all do. All the time.
Claim Now Phishing E-Mails are often very smart. Very clever.
They catch you when your least expecting it.
Or rather, when you're most expecting it.
And it's often the timing that's important.
At the time of writing this, we're all in lockdown because of the Coronavirus.
Most Governments around the world, are paying out tax refunds, grants and loans to people & businesses to keep everyone going during the lockdown.
So getting an E-Mail offering a tax refund, or some other payment might well pique your interest.
And all you need to do is click the link, fill in the form, and Bob's your uncle.
Who's behind that online form?
And that's how these Phishing scams catch you out. Right now a lot of us are expecting, or maybe half expecting, to hear something.
Some notification of what we can claim, what will be refunded. Maybe from a government agency or a private company.
And it's no secret that many people are desperate right now.
Wallop, there it is. Go ahead, fill in the form, you'll find it's much easier than you thought it would be.
The claim yours now scams work because very few of us have enough money. We all pay far too much out.
So when a company or organisation offers you something for nothing. An upgrade on your service, or maybe a little extra cash. Maybe a bucket load of cash.
There's something inside us that really, really wants it to be true.
Even if we can't remember entering that beauty contest.
This type of phishing is designed to create a sense of panic or fear.
Someone has gained access to your account. Your about to be cut off. Your money is being stolen. You're being accused of something dreadful.
And it's incredibly effective.
In the Claim yours now scams, they're offering to give you something. In essence, they're working on our greed or desperation.
Panic Phishing works the other way round. You're about to lose something.
And boy oh boy you better act fast or someone else is going to make off with what's yours.
We all automatically go on the defensive.
We spring into action without any thought of what we're doing.
What am I being accused of, who's taking my money, why is my service being turned off?
You can't do that, you can't say that, I'll stop you.
And the quickest way to get this mess sorted out, is to click the link in the E-Mail.
Go straight to the source of the problem. Right.
That's exactly what these types of phishing scammers want. They create a sense of urgency, fear and panic.
Whatever it is, it just has to be sorted out right now. There's not a second to be lost.
Trust me on this, if you get one of these types of E-Mails, that looks like it's from your bank, you'll jump out of your seat, you will spring into action.
We simply can't help it. It's human nature.
"Thunderbirds are go".
This type of phishing is very subtle. It plays into our natural curiosity. It tries to engender confusion.
The E-mail will often seem innocuous, not offering to make us rich and not threatening to take anything away.
No, it'll seem like an informational E-Mail.
Someone's trying to contact me, trying to deliver something. I've paid for something.
Just what have I ordered? I don't remember ordering anything.
And what's that about a "late fee".
I don't understand.
What's going on?
And so the confusion begins. Curious and maybe a little worrying at the same time.
There must be some mistake, I haven't ordered anything. But what if someone else is using my account? How much am I being charged? What is it? Where's it going to be delivered?
Will someone just tell me what's going on?
and so you click the link.
With all these phishing scams, the quickest way, the easiest way, to make your claim, to protect yourself or to find out what's happening, is to click that link.
And if you do, you've taken the bait.
Clicking the link takes you to the scammer's website. It may look like the real deal, but it's not. It's a copy. It's a fake.
At some point, you'll be asked for your personal details, and then your banking details.
What happens next is as predictable as it is cruel.
dealing with phishing e-mails.
You can find thousands of articles on the Internet, in newspapers, magazines and on TV, explaining how to spot Phishing E-Mails.
Between us, it's all balderdash. No, I'm not disputing the advice they give, and the examples they show. It's all good stuff.
But what I'm saying is that the average user, like you and me, simply can't rely on our ability to spot the fake E-Mails from the genuine.
Not 100% of the time. And it only takes one mistake, and your life savings are gone.
Trying to pick out the odd fake from all the hundreds of real E-Mails is something for the professionals.
No, what we need is a plan. A simple rule for dealing with ALL E-Mail.
every e-mail is a suspect.
Since we can't rely on our own intuition to spot phishing e-mails, we simply have to suspect EVERY e-mail.
Just like on the cop shows on TV. "Surely Detective, you can't suspect me?" To which the Detective replies "Until proved otherwise, everyone is a suspect".
And that's the way to approach your E-Mails. Anyone of which could be the scam.
Never, ever, ever click on links or buttons in E-Mails.
It's just too easy to click the wrong one, so if at all possible, don't click any at all.
I know that's not always possible. But as a general rule, most of the time it'll work.
Don't click, stop & think.
Don't be panicked, don't be frightened or confused. Stop and think, can you contact the company or organisation some other way, rather than clicking the link.
So you've had an E-Mail from your bank. Or maybe from your credit card, Paypal, Amazon, Netflix or whoever.
They're making checks, maybe you've been hacked, your losing money.
Panic. You've got to check this out. It could be real. It looks real.
Don't click, stop & think.
Yes it could be real and you do have to act, but it could also be a phishing scam.
You just don't know. It looks like other E-Mails you've had in the past. And automatically you'll want to simply click that button and get it sorted out.
But hold on a minute, let's take a moment to think. Do we really need to click the link in the E-Mail?
Is that the ONLY way for us to find out what's going on? Is it?
You don't actually need to click the button in the E-Mail.
Sometimes, although not always, you could just call into the bank in person.
Or maybe you could phone them.
Obviously you wouldn't call them on any number offered in the suspect E-Mail though.
Or you could check your account as you normally would, by going onto the Internet with your browser and logging in.
You could log in normally, and once there, if it's real, you should be able to find out what this is all about.
be careful out there.
There's an old adage that says "Don't believe everything you read".
And just because it's on the computer, in an E-Mail, doesn't make it any more true.
Keep your wits about you, don't trust any E-Mails.
And especially, don't click links in them and don't call any phone numbers in them.
end of the line...for now.
You've reached the end of the course. I hope you've enjoyed it, and learned from it.
I'm currently working at expanding the course with new guides. But they're not ready yet.
If you feel that I've helped at all, then may I suggest you take a look in the At Home Computer Guides section of my site?
Until we meet again, stay safe and happy.
"And may the click be with you young Cyberwalker"