Phishing is the name given by scammers (fraudsters) to attempt to steal sensitive information from you, or to get you to pay them money.
Typically the information that they’re looking for is log in details for your online accounts (username and password).
In this basic guide we’ll look at what phishing is and how it works.
What Is Phishing
Phishing in computer terms is pretty similar to the popular pastime that it sounds like. You throw out some bait and hope to get a bite. Simple as that.
Fraudsters will generally use either email or some form of message sent to your smart phone.
What the scammers need, what they’re desperate for, is for you to click the link or button that is included in the E-Mail. That link will take you to a fake website. Their website.
Phishing websites are almost identical to the real website that they’re impersonating. In some cases you’d struggle to see the differences even with the web pages side by side.
Different Types Of Phishing.
Phishing emails and messages have various different names depending on who is being targeted, but they usually fall into one of three types. And they all have just one purpose, to get you to respond.
- Claim Yours Now – Refunds, bonuses, payments, special offers, service upgrades, a Nigerian prince etc. To get yours. Click the link.
- Panic – Your account has been hacked, suspicious activity, did you send money to, you’re going to be cut off etc. Click the link now.
- Curiosity – We tried to deliver, your parcel is waiting, see these pictures etc. Click the link.
As you might guess, clicking the link will take you to a fake website. There you’ll either be required to enter some details, hand over payment info, or your PC will pick up some form of malware. Or very possibly, all 3.
Don’t click on links in emails. Ever.
Claim Your Money Phishing.
This type of phishing attack relies on our greed. I know, we all think we’re not greedy, but at the end of the day, we are.
We’ve all heard the one about the Nigerian prince trying to move money out of his country. Send a small amount now and gain fabulous wealth later.
Or how about overpaying your tax. We all pay too much tax, don’t we.
Take this example of a fake UK tax refund website.
According to the accompanying email, I’ve paid too much and they wanted to give me some money back.
By filling out this form, I’d lose not only the contents of my bank account, but likely have my identity stolen as well.
Panic Phishing.
This type of phishing is designed to create a sense of panic or fear.
Someone has gained access to your account. You are about to be cut off. Your money is being stolen. You’re being accused of something dreadful.
You’re about to lose something. Your money, your services, your reputation, maybe even your freedom.
When something is about to be taken away from you, you’ll likely to act fast. Without thinking it through.
An example of this type of phishing is this email from Netflix.
Apparently I need to update my card details to keep my services running.
I don’t have a Netflix account. An easy spot. But many people do. And that’s the clincher. If you received this email, would you know it was fake?
Clicking on the link in the email simply takes you to a fake Netflix website. Enter your login details and card payment details and you’re done. Well and truly done.
Curiosity Phishing Scams.
Curiosity in people is very strong. These types of email phishing scams rely on that very curiosity to work.
The email will often seem innocuous, not offering to make you rich and not threatening to take anything away.
Instead it’ll seem like an informational email. Maybe someone’s trying to contact you, or trying to deliver something. Or maybe the email just won’t make any sense at all. Curious, what’s happening?
So when I got this email informing me that someone has received my payment, I started to wonder, what have I paid for?
It’s weird because I can’t remember buying anything recently. Better click the link and find out what’s going on.
And obviously I hadn’t ordered and paid for anything at all. It’s just another scam.
Sometimes these types of email are completely empty except for a link. No explanation at all.
How To Protect Yourself From Phishing Attacks.
You can find thousands of articles on the Internet, in newspapers, magazines and on TV, explaining how to spot phishing emails.
Now I’m not disputing the advice they give, and the examples they show. It’s all good stuff. But what I am saying is that the average user, like you and me, simply can’t rely on our ability to spot phishing emails from genuine ones.
The problem is that you won’t have the fake and the real one side by side. That makes spotting the difference almost impossible.
Trying to pick out the odd fake from all the hundreds of real emails is something for the professionals.
No, what we need is a plan. A simple rule for dealing with all email that’ll protect you from phishing emails.
And here it is – Don’t click links in emails.
Treat Every Email As If It Were A Phishing Email.
Every day you’ll receive emails, possibly hundreds or even thousands. Most will be genuine. But the odd few will be phishing.
Yes it could be real and you do have to act, but it could also be a phishing scam.
You just don’t know. It looks like other emails you’ve had in the past. And automatically you’ll want to simply click that button and get it sorted out. But hold on a minute, take a moment to think.
Do you really need to click the link in the message? Is that the ONLY way for you to find out what’s going on? Is it?
Well NO. You don’t actually need to click the link or button in the email at all.
What Should You Do?
Sometimes, although not always, you could just phone them. Whoever it is, especially with banks, they may have a customer phone number that you can call and ask.
If phoning isn’t possible, then open a new browser window and log in to your account.
Whether the email is purportedly from Amazon, eBay, Netflix etc, whatever has happened should be there. If anything has happened at all.
The important thing is that you get to your account as you normally would, and not by clicking the links provided in the email.
Summary.
Phishing is a scam in which the fraudsters try to trick you into either paying them directly, revealing your log in details for your bank or some other online account or maybe handing over your credit/debit card details.
The only way to avoid falling for these scams is to not take the bait. Don’t click on the links or buttons in emails. Treat each and every email as suspicious until proven otherwise.
Remember that no one is invulnerable to phishing scams, it often just comes down to timing.
Make it a golden rule that you never click a link or button in an email, regardless of the provocation, until you can prove that the email is genuine.
To Continue With The Course, Choose Your Web Browser.
To access the Internet you’ll be using a web browser. There are so many browsers that you could be using that I just can’t write a guide for each and every one.
Microsoft Edge & Google Chrome are the two most popular, so the chances are very good that you’re actually using one of these right now.
If you don’t use either, or maybe you’re just not sure, click the Google chrome option, most browsers are based on Chrome.
