One of the most devious forms of identity theft, ‘phishing’ is designed to trick you into divulging personal data by clicking onto fraudulent links and submitting information to illegitimate websites. The technique appears to be growing in popularity among hackers who use false emails and fake websites in an attempt to steal your data, typically passwords and financial information. Once your security has been breached, the criminals will be able to commit all manner of identity theft, while your good name and credit rating is put at risk.
Phishing scams usually start with an email that appears to have been sent to you by a trusted sender, such as your bank, building society or other financial institution (including PayPal), your mobile phone provider or social network, and even official government bodies such as HMRC. You will be asked to click a link to the (fake) website in order to verify or update your personal details.
If you don’t suspect any underhand activity – and why would you if you trust the source – you may not realise that the data you willingly submit is going straight into the hands of cyber criminals, with the potential to wreak havoc with your identity.
It is important that you become familiar with the different types of phishing scams so that you know what to look out for and can protect yourself from internet fraud.
Watch out for spam emails
Be suspicious of any email that looks ‘odd’ and use your 6th sense if you must. Does the letter address you personally or merely say ‘Dear Customer’ or ‘Dear Sir/Madam’? Check if the email comes from an unrecognised sender (verify the actual email address it was sent from). What is the purpose of the mail – does it frighten or threaten you into a quick response, does it ask you to confirm or update personal information? If you’re not sure, don’t do it.
Links, attachments and downloads
If you receive an unsolicited email from an unknown sender, it is highly recommended that you don’t download files or click on links. Open attachments only if you know what they are and if you are expecting them. Be particularly careful about embedded forms and email links that ask for personal information, even if the email itself looks like it comes from a trusted sender. Fake phishing sites often copy the whole look of the website they’re purporting to be – they can look very authentic!
If you’re not sure, call the company on their usual telephone number (DON’T use any phone numbers given in the suspicious email) to check if they were the sender. No business should request for personal data to be sent via email.
Check for secure websites
Secure websites have a lock icon on the browser’s status bar, and/or the URL starts with ‘https:’ instead of ‘http:’. Check before you conduct any online financial transactions and abort the transaction if the site is not secure.
Beware of pop-ups – legitimate companies won’t ask you to submit any personal information via a pop-up screen, so don’t do it. Neither should you click on links in a pop-up screen or paste a web address from a pop-up into your browser.
Internet security software
Make sure that your computer’s internet security is up to date with effective software to combat phishing. Some internet security software can automatically detect and block fake websites and will also authenticate major banking and shopping sites, so you know you’re safe.
Install the latest anti-virus software, anti-spyware software, spam filters and a firewall. It is highly advisable to regularly update all these programs to ensure total peace of mind.
Even with the best security in the world, it always pays to be vigilant, while erring on the side of caution if you are ever in any doubt. Check your online banking facility regularly to make sure no unauthorised transactions have taken place.
Always be extra cautious about divulging any personal data over the internet and never email any confidential information, especially of a financial nature, even if you know the recipient. What happens to your data if their email account is hacked for any reason? Exactly.
Finally, phishing doesn’t just happen online, you can be caught out over the phone too. If you receive an unsolicited call asking for personal information over the call, you don’t have to provide it if you’re unsure about security, especially if you didn’t initiate the call. Be very careful of emails that ask you to call a certain phone number to update your account details.