Phishing is a way of trying to get you to hand over money or log in details for your online accounts. Usually, they’ll arrive in the form of an email, but can also be phone calls and text messages.
In this guide, we’ll look at what exactly phishing is, how it works and how it traps you into unwittingly handing over your cash or details.
What Is Phishing?
Fishing is a pastime where you throw out some bait to draw the fish in and hopefully, you’ll get a bite.
Phishing is exactly the same in the online world. Scammers throw out some bait, usually in the form of emails, hoping to draw you into their website.
What the scammers need, what they’re desperate for, is for you to click the link or button that is included in the E-Mail. That link will take you to a fake website. Their website.
It’s often a copycat site of a genuine website. And it’s very difficult to tell them apart. The real from the fake. Once you’re on the site, you’ll type in your bank details, your credit or debit card details, happily believing that you’re dealing with a genuine person or company.
But your not. Behind the website, there’s a team of con artists copying down everything you type.
So how, exactly, do they get you to click that link in the E-Mail? And why would anyone give out their personal and banking details?
The 3 Different Types Of Phishing Emails.
Broadly speaking there are 3 different types (or categories) of phishing emails :
- Claim Now Phishing – Refunds, bonuses, payments, special offers, service upgrades etc. To get yours, you’ll need to fill in this form.
- Panic – Your account has been hacked, suspicious activity, did you send money to, you’re going to be cut off etc. Fill in the form.
- Curiosity – We tried to deliver, your parcel is waiting, your order is complete etc. Fill in the form
Claim Yours Now Phishing.
Do you think you’re paying too much tax? Well good news, the Tax Office agrees with you. Income tax refund. Collect £20. Your bank has been overcharging you. Your building loan matures. Receive £150. Great news, you’ve won. You have won second prize in a beauty contest. Collect £10
To anyone that’s played the Monopoly game, you might recognise some of the above (it’s the beauty contest that gives it away, but I couldn’t resist). And you might even smile to yourself, and say no-one’s ever going to fall that.
But here’s the thing. They do. We all do. All the time.
Claim Now Phishing E-Mails are often very smart. Very clever. They catch you when your least expecting it. Or rather, when you’re most expecting it. And it’s often the timing that’s important.
At the time of writing this, we’re all in lockdown because of the Coronavirus.
Some Governments are paying out tax refunds, grants and loans to people & businesses to keep everyone going during the lockdown.
So getting an E-Mail offering a tax refund, or some other payment might well pique your interest. After all, it’s been in the news, on TV and you’re half expecting it.
All you need to do is click the link in the email, fill in the form, and Bob’s your uncle.
This type of phishing is designed to create a sense of panic or fear.
Someone has gained access to your account. You are about to be cut off. Your money is being stolen. You’re being accused of something dreadful. And it’s incredibly effective.
In the Claim yours now scams, they’re offering to give you something. In essence, they’re working on our greed or desperation.
Panic Phishing works the other way round. You’re about to lose something. Your money, your services, your reputation, maybe even your freedom.
And boy oh boy you better act fast. We all automatically go on the defensive.
We spring into action without any thought of what we’re doing.
What am I being accused of, who’s taking my money, why is my service being turned off?
You can’t do that, you can’t say that I’ll stop you.
And the quickest way to get this mess sorted out, is to click the link in the E-Mail.
Go straight to the source of the problem. Right.
That’s exactly what these types of phishing scammers want. They create a sense of urgency, fear and panic.
Whatever it is, it just has to be sorted out right now. There’s not a second to be lost. Trust me on this, if you get one of these types of E-Mails, that looks like it’s from your bank, you’ll jump out of your seat, you will spring into action.
We simply can’t help it. It’s human nature. “Thunderbirds are go”.
This type of phishing is very subtle. It plays into our natural curiosity. It tries to engender confusion. The email will often seem innocuous, not offering to make you rich and not threatening to take anything away.
No, it’ll seem like an informational email. Someone’s trying to contact you, trying to deliver something. Or maybe the email just won’t make any sense at all. Curious, what’s happening?
Just what have I ordered?
And what’s that about a “late fee”.
I don’t understand.
What’s going on?
And so the confusion begins. Curious and maybe a little worrying at the same time. There must be some mistake, I haven’t ordered anything. But what if someone else is using my account? How much am I being charged? What is it? Where’s it going to be delivered?
Will someone just tell me what’s going on?
And So You Click The Link.
With all these phishing scams, the quickest way, the easiest way, to make your claim, to protect yourself or to find out what’s happening, is to click that link.
And if you do, you’ve taken the bait. Which is where these scams get their name. Phishing.
Clicking the link takes you to the scammer’s website or releases a virus on your computer, or maybe some form of ransomware that’ll encrypt all your files in just a few minutes.
No one is immune to phishing emails, it’s all about the timing.
Dealing With Phishing Emails.
You can find thousands of articles on the Internet, in newspapers, magazines and on TV, explaining how to spot phishing emails.
Now I’m not disputing the advice they give, and the examples they show. It’s all good stuff. But what I am saying is that the average user, like you and me, simply can’t rely on our ability to spot fake emails from genuine ones.
Not 100% of the time. And it only takes one mistake, and your life savings are gone.
Trying to pick out the odd fake from all the hundreds of real emails is something for the professionals.
No, what we need is a plan. A simple rule for dealing with all email. A Golden Rule.
Treat Every Email As A Suspect.
Just like on the cop shows on TV. “Surely Detective, you can’t suspect me?” To which the Detective replies “Until proven otherwise, everyone is a suspect”.
And that’s the way to approach your emails. Anyone of which could be the scam. No matter what the contents of the message, no matter what you’re being accused of, no matter what you’re being offered, no matter what is being taken away, no matter how interesting it may appear.
Never, ever, ever click on links or buttons in emails.
It’s just too easy to click the wrong one, so if at all possible, don’t click any at all. I know that’s not always possible. But as a general rule, most of the time it’ll work.
Don’t click, stop & think.
Don’t be panicked, don’t be frightened or confused. Stop and think, can you contact the person, company or organisation some other way, rather than clicking on the link in the email.
As an example, let’s say you get an email from your bank. Or maybe from your credit card, Paypal, Amazon, Netflix or whoever.
They’re making checks, maybe you’ve been hacked, your losing money.
Panic. You’ve got to check this out. It could be real. It looks real.
Don’t click, stop & think.
Yes it could be real and you do have to act, but it could also be a phishing scam.
You just don’t know. It looks like other emails you’ve had in the past. And automatically you’ll want to simply click that button and get it sorted out. But hold on a minute, take a moment to think. Do you really need to click the link in the message? Is that the ONLY way for you to find out what’s going on? Is it?
Well NO. You don’t actually need to click the button in the email.
Sometimes, although not always, you could just call into the bank in person. Or maybe you could phone them. Obviously, you wouldn’t call them on any number offered in the suspect email though.
Or you could check your account as you normally would, by going onto the Internet with your browser and logging in.
You could log in normally, and once there, if it’s real, you should be able to find out what this is all about.
Opening your web browser (Chrome, Edge, or whichever one you use) and then logging into your account will solve most issues.
Whether the email is purportedly from Amazon, eBay, Netflix etc, whatever has happened should be there. If anything has happened at all.
The important thing is that you get to your account as you normally would, not by clicking the links provided in the email.
What Is Phishing? Conclusion.
Phishing is a scam in which the scammers try to trick you into either paying them directly, revealing your log in details for your bank or some other online account or maybe handing over your credit/debit card details.
The only way to avoid falling for these scams is to not take the bait. Don’t click on the links or buttons in emails. Treat each and every email as suspicious until proven otherwise.
Remember that no one is invulnerable to phishing scams, it often just comes down to timing. Make it a golden rule that you never click a link or button in an email, regardless of the provocation, until you can prove that the email is genuine.
To Continue With The Course Choose Your Web Browser.
To access the Internet you’ll be using a web browser. There are so many browsers that you could be using that I just can’t write a guide for each and every one.
Microsoft Edge & Google Chrome are the two most popular, so the chances are very good that you’re actually using one of these right now.
If you don’t use either, or maybe you’re just not sure, click the Google chrome option, most browsers are based on Chrome.
These easy to follow guides aren’t part of the course, rather, they are standalone guides. They extend beyond the basics that we’re covering on the course.