Phishing is a way of trying to get you to hand over money or login details for your online accounts. Phishing attempts usually arrive in the form of an email, but they can also be phone calls and text messages.
In this guide, we’ll look at what exactly phishing is, how it works and how it traps you into unwittingly handing over your cash or details.
What Is Phishing?
Fishing is a pastime where you throw out some bait to draw the fish in and hopefully, you’ll get a bite.
Phishing is exactly the same in the online world. Scammers throw out some bait, usually in the form of emails, hoping to draw you into their website.
What the scammers need, what they’re desperate for, is for you to click the link or button that is included in the E-Mail. That link will take you to a fake website. Their website.
It’s often a copycat site of a genuine website. And it’s very difficult to tell them apart. The real from the fake. Once you’re on the site, you’ll type in your bank details, your credit or debit card details, happily believing that you’re dealing with a genuine person or company.
But you’re not. Behind the website, there’s a team of con artists copying down everything you type.
So how, exactly, do they get you to click that link in the E-Mail? And why would anyone give out their personal and banking details?
The 3 Different Types Of Phishing Emails.
Broadly speaking there are 3 different types (or categories) of phishing emails.
- Claim Now Phishing – Refunds, bonuses, payments, special offers, service upgrades etc. To get yours, you’ll need to fill in this form.
- Panic – Your account has been hacked, suspicious activity, did you send money to, you’re going to be cut off etc. Fill in the form.
- Curiosity – We tried to deliver, your parcel is waiting, your order is complete etc. Fill in the form.
1. Claim Yours Now Phishing.
Do you think you’re paying too much tax? Well good news, the Tax Office agrees with you. Income tax refund. Collect £20. Your bank has been overcharging you. Your building loan matures. Receive £150. Great news, you’ve won. You have won second prize in a beauty contest. Collect £10
To anyone that’s played the Monopoly game, you might recognise some of the above (it’s the beauty contest that gives it away, but I couldn’t resist). And you might even smile to yourself, and say no-one’s ever going to fall for that.
But here’s the thing. They do. We all do. All the time.
Claim Now Phishing E-Mails are often very smart. Very clever. They catch you when you’re least expecting it. Or rather, when you’re most expecting it. And it’s often the timing that’s important.
At the time of writing this, we’re all in lockdown because of the Coronavirus.
Some Governments are paying out tax refunds, grants and loans to people & businesses to keep everyone going during the lockdown.
So getting an E-Mail offering a tax refund, or some other payment might well pique your interest. After all, it’s been in the news, on TV and you’re half expecting it.
All you need to do is click the link in the email, fill in the form, and Bob’s your uncle.
2. Panic Phishing.
This type of phishing is designed to create a sense of panic or fear.
Someone has gained access to your account. You are about to be cut off. Your money is being stolen. You’re being accused of something dreadful. And it’s incredibly effective.
In the Claim yours now scams, they’re offering to give you something. In essence, they’re working on our greed or desperation.
Panic Phishing works the other way round. You’re about to lose something. Your money, your services, your reputation, maybe even your freedom.
And boy oh boy you better act fast. We all automatically go on the defensive.
We spring into action without any thought of what we’re doing.
What am I being accused of, who’s taking my money, why is my service being turned off?
You can’t do that, you can’t say that, I’ll stop you.
And the quickest way to get this mess sorted out, is to click the link in the E-Mail.
Go straight to the source of the problem. Right.
That’s exactly what these types of phishing scammers want. They create a sense of urgency, fear and panic.
Whatever it is, it just has to be sorted out right now. There’s not a second to be lost. Trust me on this, if you get one of these types of E-Mails, that looks like it’s from your bank, you’ll jump out of your seat, you will spring into action.
We simply can’t help it. It’s human nature. “Thunderbirds are go”.
3. Curiosity Phishing.
This type of phishing is very subtle. It plays into our natural curiosity. It tries to engender confusion. The email will often seem innocuous, not offering to make you rich and not threatening to take anything away.
No, it’ll seem like an informational email. Someone’s trying to contact you, trying to deliver something. Or maybe the email just won’t make any sense at all. Curious, what’s happening?
Just what have I ordered?
And what’s that about a “late fee”?
I don’t understand.
What’s going on?
And so the confusion begins. Curious and maybe a little worrying at the same time. There must be some mistake, I haven’t ordered anything. But what if someone else is using my account? How much am I being charged? What is it? Where’s it going to be delivered?
Will someone just tell me what’s going on?
And So You Click The Link.
With all these phishing scams, the quickest way, the easiest way, to make your claim, to protect yourself or to find out what’s happening, is to click that link.
And if you do, you’ve taken the bait. Which is where these scams get their name. Phishing.
Clicking the link takes you to the scammer’s website or releases a virus on your computer, or maybe some form of ransomware that’ll encrypt all your files in just a few minutes.
No one is immune to phishing emails; it’s all about the timing.
They Almost Got Me.
Last year they almost got me, almost. I received an email from my ISP asking me to update my card payment details or my Internet connection would be terminated. Click the button.
Guess what, just that week I had received a new card. Only four days earlier my replacement card had dropped through my letterbox. It’s all about the timing. I’m about to break the golden rule “Never click a link or button in an email”.
With my mouse pointer hovering over the button, I remembered that I pay my ISP by Direct Debit. Nothing at all to do with my cards, no expiry dates etc. It’s just paid straight from my bank account. It was close, way too close.
Dealing With Phishing Emails.
You can find thousands of articles on the Internet, in newspapers, magazines and on TV, explaining how to spot phishing emails.
Now I’m not disputing the advice they give, and the examples they show. It’s all good stuff. But what I am saying is that the average user, like you and me, simply can’t rely on our ability to spot fake emails from genuine ones.
Not 100% of the time. And it only takes one mistake, and your life savings are gone.
Trying to pick out the odd fake from all the hundreds of real emails is something for the professionals.
No, what we need is a plan. A simple rule for dealing with all email. A Golden Rule.
Treat Every Email As A Suspect.
Just like on the cop shows on TV. “Surely Detective, you can’t suspect me?” To which the Detective replies “Until proven otherwise, everyone is a suspect”.
And that’s the way to approach your emails. Any one of which could be the scam. No matter what the contents of the message, no matter what you’re being accused of, no matter what you’re being offered, no matter what is being taken away, no matter how interesting it may appear.
Never, ever, ever click on links or buttons in emails.
It’s just too easy to click the wrong one, so if at all possible, don’t click any at all. I know that’s not always possible. But as a general rule, most of the time it’ll work.
Don’t click, stop & think.
Don’t be panicked, don’t be frightened or confused. Stop and think: can you contact the person, company or organisation some other way, rather than clicking on the link in the email?
So you’ve had an E-Mail from your bank. Or maybe from your credit card, Paypal, Amazon, Netflix or whoever.
They’re making checks, maybe you’ve been hacked, you’re losing money.
Panic. You’ve got to check this out. It could be real. It looks real.
Don’t click, stop & think.
Yes it could be real and you do have to act, but it could also be a phishing scam.
You just don’t know. It looks like other emails you’ve had in the past. And automatically you’ll want to simply click that button and get it sorted out. But hold on a minute, take a moment to think. Do you really need to click the link in the message? Is that the ONLY way for you to find out what’s going on? Is it?
Well NO. You don’t actually need to click the button in the email.
Sometimes, although not always, you could just call into the bank in person.
Or maybe you could phone them.
Obviously, you wouldn’t call them on any number offered in the suspect email though.
Or you could check your account as you normally would, by going onto the Internet with your browser and logging in.
You could log in normally, and once there, if it’s real, you should be able to find out what this is all about.
Opening your web browser (Chrome, Edge, Firefox or whichever one you use) and then logging into your account will solve most issues. Whether the email is purportedly from Amazon, eBay, Netflix etc, whatever has happened should be there. If anything has happened at all. The important thing is that you get to your account as you normally would, not by clicking the links provided in the email.
Example Of A Real Phishing Email.
I thought it might be useful here to show a “genuine” phishing email and to follow it through up to the moment we’re going to be scammed.
The scam begins as a “curiosity type phishing email” and then turns into a “claim yours now” scam.
I received this email recently.
As you can see, there’s nothing in it except for a single file. However, it has been forwarded to a whole lot of other people.
But just what is that file? Is it something I need? Something I should have?
It’s our natural curiosity that these types of emails appeal to. That single file, without an accompanying explanation, is a bother.
You’ll get similar emails to this that include just a link. Sometimes they’ll have the word “Hi” in the body. Delete them immediately.
Ignoring my own advice I click on the file.
My browser opens and I’m taken to a Bitcoin Mining website.
Almost as soon as I arrive at the website, a pop-up appears.
Apparently, I’ve accumulated 0.7495 Bitcoins. Or over £3400 at today’s prices.
That’s pretty good for something I didn’t even know I’d signed up for.
But oh no. Apparently, I have to claim it today, or else I’ll lose it.
This is where the scam really kicks in. It’s a variation of the old “You’ve won the lottery in a foreign country” scam. Yes, it’s using Bitcoin, which is a bit more specialised, but many people around the world are getting into Bitcoin, and don’t forget that these emails, these phishing emails, are sent out in the millions.
Although you might not personally have any Bitcoin, the sheer number of these types of emails that are sent out means that they are bound to land in someone’s inbox that does hold some Bitcoin.
As I scroll down the page to see how I can claim all that lovely money, there’s even a countdown timer. Just to reinforce the urgency.
Don’t think, click.
And so, with no time to lose, I do just that.
Now I need to enter my Bitcoin wallet address.
Since I don’t actually have a Bitcoin wallet, I can’t enter the address for it.
But since they aren’t actually going to pay me anything anyway, I’ll try entering abc123. See if it accepts that.
A quick note about Bitcoin wallet addresses.
A Bitcoin wallet works much like a bank account. In order for anyone to pay money into your bank account, you need to give them your account number. The important thing is that they can only pay into your account. They can’t withdraw money from your account.
To get money from your bank account, they would need you to log in and make a transfer. Bitcoin wallets work pretty much the same.
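For context on the abc123 test above: legacy Bitcoin addresses carry a built-in checksum, so a made-up string can be recognised as invalid offline, before any payment step. The sketch below is an added example, not part of the original article; the function names are illustrative, the sample is the widely published genesis-block address, and it covers only legacy Base58Check addresses (not the newer bc1 format).

```python
import hashlib

# Base58 alphabet used by Bitcoin (no 0, O, I or l, to avoid look-alikes).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Well-known public address from the Bitcoin genesis block, used as a sample.
SAMPLE_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"


def b58decode(text):
    """Decode a Base58 string to bytes, or return None on a bad character."""
    num = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    # Each leading '1' in the text stands for one leading zero byte.
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def is_legacy_btc_address(text):
    """True only if text is a well-formed legacy (Base58Check) address."""
    raw = b58decode(text)
    # 1 version byte + 20-byte hash + 4-byte checksum = 25 bytes.
    if raw is None or len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    # Version 0x00 = pay-to-pubkey-hash, 0x05 = pay-to-script-hash (mainnet).
    return digest[:4] == checksum and payload[0] in (0x00, 0x05)


if __name__ == "__main__":
    for candidate in ("abc123", SAMPLE_ADDRESS, SAMPLE_ADDRESS[:-1] + "b"):
        print(candidate, "->", is_legacy_btc_address(candidate))
```

The check only says whether a string is well-formed; it says nothing about who owns the address or whether a site asking for it is genuine.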
So now the question is “How does the scam work?” At the moment, they’re promising to pay me 0.7495 BTC, but it’s not much of a scam if they pay me.
And there it is.
“In order to confirm your transaction, pay the miners fee (min 0.00193 BTC)”.
There’s the scam, I have to pay them first and then they’ll pay me.
At today’s rates, I need to pay around £90 in order to receive £3400. Gotta say that’s not a bad deal. But I think I’ll pass.
What Is Phishing? Conclusion.
Phishing is a scam in which the scammers try to trick you into either paying them directly, revealing your login details for your bank or some other online account or maybe handing over your credit/debit card details.
The only way to avoid falling for these scams is to not take the bait. Don’t click on the links or buttons in emails. Treat each and every email as suspicious until proven otherwise.
Remember that no one is invulnerable to phishing scams; it often just comes down to timing.
Make it a golden rule that you never click a link or button in an email, regardless of the provocation, until you can prove that the email is genuine.