The threat large businesses face in the world of cybercrime is growing by the day. We’ve seen high-profile hacks occur at corporations that handle droves of sensitive customer information. Placed in the wrong hands, customer details can place us at the mercy of phishing attacks.
With that in mind, protect yourself with this crash course on what phishing is and how you can avoid its pitfalls.
What is phishing?
Phishing is the process of sending an email that falsely claims to be a genuine email from a legitimate and often well-known enterprise.
Typically, a phishing email will imitate a popular brand, and may use their company logo for a professional and authentic design. Usually the email will contain a link to a phishing website, which will look and feel very similar to the site it attempts to mimic. From there, you may be asked to enter personal details such as passwords and bank account numbers, which the sender can then harvest for their own illegal use.
Phishers gain your data by hacking into company websites; the recent TalkTalk scandal provided an ideal prerequisite for phishing. The cybercriminals will then choose a popular site and create as identical a copy as they can. Previous examples include copies of Netflix, Amazon and eBay.
Vishing is the telephone equivalent of phishing. Someone will call pretending to represent a legitimate business, and attempt to scam the user into handing over personal details which can then be used to perform identity theft.
How to avoid phishing?
Once you get your head round the idea of phishing, avoiding the perilous consequences can actually be rather simple.
Identify a fraudulent email
If you can spot a phishing email when you see one, you can nip any potential problems in the bud right there. Whilst phishing emails will look to imitate their chosen enterprise as closely as possible, there are a few vital signs to look out for.
- Phishing emails are likely to be spam messages, using “Dear customer” instead of personalising the email with your name as you’d expect from a company you are a customer of.
- Check the sender’s email and see if you recognise it.
- Look for overly formal language (“Dear Sir or Madam”) or broken English that you wouldn’t expect from a professional organisation.
- An alert sign in the subject line, or language that suggests urgency. Phishing emails will attempt to scare you into handing over details by making it look like there is a problem at hand.
Look for the https
This is a good rule of thumb for all internet browsing, but is particularly relevant here. When conducting any online transaction or entering any personal details like passwords, a trusted site’s URL will show a lock icon and the prefix https (rather than http). This proves the site’s certificate of security, and any site asking for personal details without it should be ignored. Phishing sites can obtain certificates too, so treat the lock as a minimum requirement and still check the address itself.
Don’t click on the links
In order to coax you into handing over some details, phishing emails will often contain links to phoney websites posing as a genuine site. Hover your cursor over the link and a little grey box will appear with the URL hidden within. If you don’t recognise it and it looks dodgy, ignore it.
Type the URL directly into your browser and save the trusted links in your favourites.
Never hand over personal details
Ultimately, you should never be handing over bank details and passwords via email anyway. Banks and other sites with your details will never ask for such details over email, as unauthorised access to your email could occur. Under no circumstances should you be doing so.
Keep anti-virus up to date
Again, a good general security rule anyway, but installing a solid anti-virus solution can help avoid phishing. A good anti-virus package will contain a firewall, spam filters and anti-spyware, offering you protection from any unauthorised access to your system.
Identify a fraudulent phone call
As mentioned above, vishing is another avenue for cybercriminals to get their hands into your bank account. The phone call may seem legitimate as an appropriate area code crops up, but callers do have the means to modify this. Again, callers will act as if they work for a popular brand or bank, but once they start asking for personal details, feel free to hang up.
If in doubt, don’t risk it
If there is even a shred of suspicion or concern, phone up the company the phishers claim to be and get clarification. Alerting them to the issue and giving them the relevant information will in turn help shut the scam down.