Phishing is the crime of deceiving people into sharing sensitive information such as passwords and credit card numbers. Victims receive an email or a text message that imitates (or "spoofs") a person or organisation they trust. When victims open the email or text, they find a message meant to fill them with fear. The message demands that the victim go to a website and take immediate action or risk some sort of consequence.
If users take the bait and click the link, they will be sent to an imitation of a legitimate website. From here, they are asked to log in with their username and password credentials. If they do so, the sign-on information goes to the attacker, who uses it to steal identities, pilfer bank accounts, sell personal information on the black market, etc.
A little discipline and some common sense will go a long way towards identifying a phishing attack. Here are some things to look out for:
The email makes an offer that sounds too good to be true. It might say you have won the Lotto or an expensive prize.
You recognise the sender, but it is someone you normally don’t communicate with.
The message sounds scary and may contain alarmist language to create a sense of urgency, exhorting you to click and “act now”, for example, before your account is terminated.
The message contains unexpected or unusual attachments. These attachments may contain malware, ransomware, or another online threat.
The message contains links that look a little strange. Hover your cursor over the link to see the actual URL. Be especially on the lookout for subtle misspellings in an otherwise familiar-looking website. It is always better to directly type in the URL yourself rather than clicking on the embedded link.
While most Internet browsers have ways to check whether a link is safe, the first line of defence against phishing is your own judgement. Some simple guidelines will also help:
Don't open e-mails from senders you are not familiar with.
Never click on a link inside an e-mail unless you know exactly where it is going.
If you get an e-mail from a source you are unsure of, navigate to the provided link manually by entering the legitimate website address into your browser.
Check the website's digital certificate.
If you are asked to provide sensitive information, check that the URL of the page starts with "HTTPS" rather than just "HTTP". The "S" stands for "secure". It is not a guarantee that a site is legitimate, but most legitimate sites use HTTPS because it protects the connection. Traffic to HTTP sites, even legitimate ones, can be read or altered by attackers in transit.
If you suspect an e-mail is not legitimate, take a name or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods.
Hover over a link to check where it really leads before clicking.
And above all, we recommend using some sort of anti-malware security software.
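The two URL checks above (look for subtle misspellings of a familiar domain, and confirm the page uses HTTPS) can be turned into a small, automatable screen. The following is an added example written for this page, not code from the original article. It assumes a constructed list of domains the user actually deals with (TRUSTED_DOMAINS), derives the "registrable" domain naively from the last two labels (real code would consult the Public Suffix List), and treats an edit distance of one or two from a trusted domain as a lookalike; that threshold is an assumption. It also checks the hover case: whether the text a link displays names a different domain from the one its href actually goes to.

```python
from urllib.parse import urlsplit

# Constructed sample list of domains the user legitimately uses (assumption).
TRUSTED_DOMAINS = ("example-bank.com", "example-mail.com")

# Lookalikes this close to a trusted domain are flagged (assumed threshold).
MAX_LOOKALIKE_DISTANCE = 2


def registrable_domain(host):
    """Naive registrable domain: the last two labels of the hostname.
    Real code should use the Public Suffix List (e.g. co.uk has three labels)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def inspect_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable findings for a URL; empty means no concern."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""

    # The HTTPS check from the guidelines above.
    if parts.scheme != "https":
        findings.append("not HTTPS")

    if not host:
        findings.append("no hostname")
        return findings

    reg = registrable_domain(host)
    if reg in trusted:
        return findings  # exact match with a domain the user really uses

    for t in trusted:
        # Subtle misspelling of a familiar domain, e.g. a digit 1 for a letter l.
        d = edit_distance(reg, t)
        if 0 < d <= MAX_LOOKALIKE_DISTANCE:
            findings.append(f"lookalike of {t} (edit distance {d})")

        # Familiar brand name used as a subdomain of an unrelated domain.
        brand = t.split(".")[0]
        if brand in host:
            findings.append(f"contains trusted name '{brand}' but domain is {reg}")

    return findings


def link_text_mismatch(display_text, href):
    """True when the visible link text names one domain but the href leads elsewhere.
    Plain text such as 'Click here' names no domain and is not a mismatch."""
    shown_url = display_text if "://" in display_text else "https://" + display_text
    shown_host = urlsplit(shown_url).hostname or ""
    if "." not in shown_host:
        return False
    target_host = urlsplit(href).hostname or ""
    return registrable_domain(shown_host) != registrable_domain(target_host)


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a suspicious message.
    samples = [
        ("https://example-bank.com/login", "https://example-bank.com/login"),
        ("https://example-bank.com/login", "http://examp1e-bank.com/login"),
        ("Verify your account", "https://example-bank.com.account-verify.example/login"),
    ]
    for text, href in samples:
        print(href)
        for f in inspect_url(href):
            print("  -", f)
        if link_text_mismatch(text, href):
            print("  - link text shows a different domain from its target")
```

The script is a screening aid, not a verdict: an empty finding list only means none of these particular signals fired, which is why the guidelines above still put the reader's own judgement first.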