Keep yourself safe online – Phishing


by Joe Lonergan

Over the next few weeks, we will highlight some helpful tips on how to keep yourself safe online and avoid the pitfalls of online fraud.

The first one we will concentrate on is phishing. Phishing is one of the most common types of online fraud. The attacker pretends to be a reputable entity or person, usually using email as their form of communication. The attacker's goal is usually to gain your login credentials or your bank details, and they will commonly pretend to be from the national post service or a financial service or organisation. Other popular scams to look out for are emails that pretend to come from utility companies checking that your details are up to date, followed by threats to cut off your service if the details are not updated. These types of phishing techniques are very sneaky, and the attackers prey on thousands of people in the hope of catching one or two vulnerable people, which is why it is called phishing.

In the last few years phishing has branched into phone calls; this method is called Vishing (short for Voice phishing). The other type, which has become very popular due to smartphone use, is social media and SMS text messaging fraud, called Smishing (short for SMS phishing). Text message fraud can be particularly deceptive, as the scam is so well designed that it goes into the same thread as messages already sent to you by your post office or banking services. This is all to trick you into thinking it is legitimate. We are not picking on banking services, but keep in mind that banks and other financial services will never send you texts or emails looking for personal information such as account numbers or login details.

So how do I spot a Phishing attack?
The common denominator of phishing attacks, no matter what form of communication the attacker decides to use, is some form of deception. Now that fraudsters are using AI for phishing purposes, it is getting more sophisticated and more difficult to spot all the time.

Things to look for to help you recognise a Phishing attack:

  • Poor spelling can be the first giveaway; most reputable companies will not send you a poorly written email with spelling or grammar mistakes.
  • A dodgy-looking email address: if you think an email you received is phishing, check the sender's email address. Usually it looks wrong or the domain name comes from a different country.
  • The URL looks wrong: if you get text messages asking you to click on links to update your details, a quick glance at the URL will usually signal that it is not a reputable web address. As mentioned above, most businesses will never send you messages asking you to update details without your request.
  • It's too good to be true: if you ever get a message announcing that you have won the lotto, a holiday or some other unbelievable prize, then it is most likely phishing. It might say something like "enter your details to claim your prize". This type of email should be deleted straight away.

Phishing can also be used to spread malware or ransomware, so never open an attachment if you do not know the sender. If you work in an organisation, it has become common to get phishing emails from fraudsters who pretend to be your boss. These types of emails play on the fact that most employees will reply quickly to their boss without thinking, so be extra careful, as you could put the business's data at risk as well as your own.

In Summary
By now you should have a good idea of how to spot a phishing email or text message, so please stay vigilant and do not get caught.