Phishing is the attempt to gain personal and sensitive information (usernames, passwords, financial details) for a malicious purpose.
Phishing scams usually involve the receipt of a spoofed email in which the criminal impersonates a trustworthy and reputable business or organisation such as a bank, online store or social media website. In the fake email, the criminal will try to trick the victim into clicking on a link that takes them either to a website infected with malware or to a convincing clone of a real website, where they freely give their private details away without realising.
How to spot a phishing scam
- Hover over ALL the links in the email and look at the URL. Are any misleading? (e.g. apple.strangedomain.com)
- Poor spelling and grammar
- The message asks for personal information
- Generic greeting – the message doesn’t contain your name (e.g. dear valued customer)
- You didn’t initiate any action to cause the email
- You are asked for money
- The message makes threats (e.g. account closure if you don’t act now)
- The message says urgent action is required
- Unofficial ‘from’ address
- The email contains attachments
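The first check in the list, comparing what a link shows with where it really goes, can also be automated. The Python sketch below is an added example, not part of the original article: it flags links in an HTML email body that name a brand but lead outside that brand's domain, and links whose visible text shows one hostname while the target is another. The brand list, the sample email and all function names are assumptions constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand -> domains that brand really uses (constructed for this example).
OFFICIAL = {"apple": {"apple.com"}}

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None: self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL
        return ""

def check_link(href, text):
    """Return the reasons a link looks misleading (empty list = none found)."""
    host, reasons = host_of(href), []
    for brand, domains in OFFICIAL.items():
        named = brand in host.split(".") or brand in re.findall(r"[a-z0-9]+", text.lower())
        genuine = any(host == d or host.endswith("." + d) for d in domains)
        if named and not genuine:
            reasons.append(f"mentions {brand} but goes to {host}")
    if "." in text and " " not in text:  # link text is itself a URL or hostname
        shown = host_of(text if "://" in text else "//" + text)
        if shown and shown != host:
            reasons.append(f"text shows {shown} but link goes to {host}")
    return reasons

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: why for href, text in parser.links if (why := check_link(href, text))}

# Constructed sample email body.
SAMPLE = """<a href="http://apple.strangedomain.com/verify">Sign in to Apple</a>
<a href="https://www.apple.com/support">https://www.apple.com/support</a>
<a href="http://login.example.net/reset">www.apple.com</a>"""
```

Calling scan(SAMPLE) returns the two misleading links with their reasons and leaves the genuine apple.com link out.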
Don’t be fooled just because a website looks realistic and contains official company logos. If something doesn’t feel right, it probably isn’t.