what is phishing?
Phishing E-Mails are, for me, the scourge of the Internet.
Millions of phishing E-Mails are sent out by con men everyday.
They trap and punish anyone who falls for them, and anyone can fall for them.
But what exactly are they? How do they work?
In this guide, we'll look at what Phishing scams are and how they work.
Because if you've got an E-Mail address, your bound to get one sooner or later.
Fishing is a pastime where you throw out some bait to draw the fish in and hopefully you'll get a bite.
Phishing is exactly the same in the online world.
Scammers throw out some bait, usually in the form of E-Mails, hoping to draw you into their website.
The E-Mail will have a link or button for you to click on. It will take you to the scammer's website.
The website could well be a copy of a genuine website.
But it's not the real thing, it's a fake. It's a trap.
If they get lucky, you'll not notice the differences and quickly fill in your details.
You 'll literally give them your personal and banking details.
The whole phishing scam usually starts with an E-Mail. It'll look like it's from a genuine company or organisation.
What the scammers need, what they're desperate for, is for you to click the link or button that is included in the E-Mail.
That link will take you to a fake website. Their website.
It's often a copycat site of a genuine website. And it's very difficult to tell them apart. The real from the fake.
Once your on the site, you'll type in your bank details, your credit or debit card details, happily believing that your dealing with a genuine company.
But your not. Behind the website, there's a team of con artists copying down everything you type.
So how, exactly, do they get you to click that link in the E-Mail?
And why would anyone give out their personal and banking details?
types of phishing e-mails.
Phishing E-Mails fall into three broad categories.
- Claim Now. Refunds, bonuses, payments, special offers, service upgrades etc. To get yours, you'll need to fill in this form.
- Panic. Your account has been hacked, suspicious activity, did you send money to, your going to be cut off etc. Fill in the form.
- Curiosity. We tried to deliver, your parcel is waiting, your order is complete etc. Fill in the form
claim yours now.
Do you think your paying too much tax? Well good news, the Tax Office agrees with you. Income tax refund. Collect £20
Your bank has been overcharging you. Your building loan matures. Receive £150
Great news, you've won. You have won second prize in a beauty contest. Collect £10
To anyone that's played the Monopoly game, you might recognise some of the above (it's the beauty contest that gives it away, but I couldn't resist).
And you might even smile to yourself, and say no-one's ever going to fall that.
But here's the thing. They do. We all do. All the time.
Claim Now Phishing E-Mails are often very smart. Very clever.
They catch you when your least expecting it.
Or rather, when your most expecting it.
And it's often the timing that's important.
At the time of writing this, we're all in lockdown because of the Coronavirus.
Most Governments around the world, are paying out tax refunds, grants and loans to people & businesses to keep everyone going during lockdown.
So getting an E-Mail offering a tax refund, or some other payment might well peak your interest.
And all you need to do is click the link, fill in the form, and Bob's your uncle.
The claim yours now scams work because very few of us have enough money. We all pay far too much out.
So when a company or organisation offers you something for nothing. An upgrade on your service, or maybe a little extra cash. Maybe a bucket load of cash.
There's something inside us that really, really wants it to be true.
Even if we can't remember entering that beauty contest.
This type of phishing is designed to create a sense of panic or fear.
Someone has gained access to your account. Your about to be cut off. Your money is being stolen. Your being accused of something dreadful.
And it's incredibly effective.
We automatically go on the defensive.
We spring into action without any thought of what we're doing.
What am I being accused of, who's taking my money, why is my service being turned off?
You can't do that, you can't say that, I'll stop you.
And the quickest way to get this mess sorted out, is to click the link in the E-Mail.
Go straight to the source of the problem. Right.
That's exactly what these types of phishing scammers want. They create a sense of urgency, fear and panic.
Whatever it is, it just has to be sorted out right now. There's not a second to be lost.
Trust me on this, if you get one of these type of E-Mails, that looks like it's from your bank, you'll jump out of your seat, you'll spring into action.
We simply can't help it. It's human nature.
"Thunderbirds are go".
This type of phishing is very subtle. It plays into our natural curiosity. It tries to engender confusion.
The E-mail will often seem innocuous, not offering to make us rich and not threatening in any way.
It'll look like a normal E-Mail.
Just what have I ordered? I don't remember ordering anything.
And what's that about a "late fee".
I don't understand.
What's going on?
And so the confusion begins. Curious and worrying at the same time.
There must be some mistake, I haven't ordered anything. But what if someone else is using my account? How much am I being charged? What is it? Where's it going to be delivered?
Will someone just tell me what's going on?
and so you click the link.
With all these phishing scams, the quickest, the easiest way, to make your claim, to protect yourself or to find out what's happening, is to click that link.
You took the bait.
Clicking the link takes you to the scammer's website. It may look like the real deal, but it's not. It's a copy. It's a fake.
At some point, you'll be asked for your personal details, and then your banking details.
What happens next is as predictable as it is cruel.
dealing with phishing e-mails.
You can find thousands of articles on the Internet, in newspapers, magazines and on TV, explaining how to spot Phishing E-Mails.
Between us, it's all balderdash. No I'm not disputing the advice they give, and the examples they show. It's all good stuff.
What I'm saying is that the average user, like you and me, simply can't rely on our ability to spot the fake E-Mails from the genuine.
Not 100% of the time. And it only takes one mistake, and your life savings are gone.
Trying to pick out the odd fake from all the hundreds of real E-Mails is something for the professionals.
No, what we need is a plan. A simple rule for dealing with ALL E-Mail.
Never, ever, ever click on links or buttons in E-Mails.
It's just too easy to click the wrong one, so if at all possible, don't click any at all.
I know that's not always possible. But as a general rule, most of the time it'll work.
Don't click, stop & think.
Don't be panicked, don't be frightened or confused. Stop and think, can you contact the company or organisation some other way, rather than clicking the link.
So you've had an E-Mail from your bank. Or maybe from your credit card, Paypal, Amazon, Netflix or who ever.
They're making checks, maybe you've been hacked, your losing money.
Panic. You've got to check this out. It could be real. It looks real.
Don't click, stop & think.
Yes it could be real and you do have to act, but it could be a phishing scam.
You just don't know. It looks like other E-Mails you've had in the past. The best thing is to simply click that button and we'll soon sort it out.
But hold on a minute, let's think a moment.
Do we really need to click the link in the E-Mail?
Is that the ONLY way for us to find out what's going on? Is it?
Well NO. You don't actually need to click the button in the E-Mail.
You could check your account as you normally would, by going onto the Internet with your browser and logging in.
You could log in normally, and once there, if it's real, You should be able to find out what this is all about.
Or better still, you could phone them.....
they almost got me - a near miss story.
I'm not an expert by any means, but I do get a few phishing mails and I'm pretty good at spotting them. Not really worried about them. I trust myself. But they almost got me.
It's first thing in the morning and I'd just fired up my machines and was checking through my E-Mails, when I noticed one from my ISP.
Apparently my Debit Card was about to expire, I needed to update it in order to keep my Internet services.
Now here two things kick in. Panic and Timing.
First, I rely on my broadband for work. Without Internet access I'd be in real trouble. Panic.
Second, and this is where they got lucky, I had just received a new Debit Card because the old one had expired. Just about a month ago. Timing.
I clicked the link in the E-Mail, and the log in page for my ISP appeared. My fingers are hovered over the keyboard, I'm about to type in my details, when, I remembered that I didn't pay my ISP with my Debit Card.
I pay by Direct Debit, which is straight out of my bank, and which, crucially, doesn't have an expiry date.
It was so close, so close. Looking carefully, yes I could see now the E-Mail was phishing, the website was fake. But it was way too close for comfort.
I got away with it, I saved myself, not because I'm good with computers, or experienced with the Internet or any of that.
I got away with it because I got lucky. The kids weren't about, the dog wasn't barking, the phone wasn't ringing.
I wasn't distracted, a bit bleary eyed maybe, but not distracted, and that allowed the penny to drop, the gears to turn, or maybe it was just the coffee kicking in.
Either way, I got lucky.
Shortly after that, put this guide together.
something to watch.
I've got a couple of videos here for you. I don't often use other peoples videos, but these two are good and much better than I could do.
The first one's taking a look at a phishing website and the second one's just hilarious.
In the video, the presenter talks about BTC. That's BitCoin to you and me.
And 0.65 BTC is £5000, $6300 in real money.
I don't know if any of this is true, but I really do hope so.
End of the Line....for now.
You've reached the end of the course. I hope you've enjoyed it, and learned from it.
I'm currently working at expanding the course with new guides. But they're not ready yet.
As well as that, I'm working towards adding a new section that'll be standalone guides. Not a part of the course as such, but guides to getting a single job done on your PC.
If you feel that I've helped at all, then please help me by popping backing here in a few weeks time.
Until then, stay safe & happy, Dave