Phishing scams: don’t take the bait

What is phishing? Phishing is a scam, usually delivered by email, in which the sender misrepresents themselves (that is, they pretend to be somebody they’re not) in order to nab your private information: passwords, financial details, even money transfers.

How phishing works

Let’s use a hypothetical example. Imagine you receive an email that appears to be from your bank informing you of some “unusual activity” on your credit card. In order to protect your card from any would-be fraudsters, the email asks you to sign into your bank account and helpfully provides a link. The email seems legitimate: it has the bank’s logo, an authentic-looking web address, maybe it even addresses you by name. And you don’t have time to check any more thoroughly because you’re in a bit of a tizz (somebody’s using my credit card!), so you click the link, enter your details on the page that opens, and hit “submit”. You just got phished. The page was the scammers’, not the bank’s, and they now have your login details and are helping themselves to your funds, right at the moment you think you’ve taken action to protect yourself.

The success of a phishing attack depends on the sophistication of the scam, the complacency of the recipient, or a combination of the two. In other words, they can be really smart or you can be a little lazy. Either way, the result is the same: you’ve handed over extremely important personal information to a criminal out to exploit you.

Fortunately, even the most sophisticated phishing scams leave at least some clues as to their nefarious intent—you just have to be sharp enough to pick up on them. Eliminate complacency, and you drastically reduce your risk of falling for an email scam. Here’s how:

1. Never share personal information over email

This is simple, but important. Never send personal information over email. Sure, go ahead and email your colleague about the cringeworthy time you accidentally called your boss “mum”—there’s not much a criminal mastermind can do with that kind of personal information—but never ever ever send details like bank accounts, login details, passwords, or anything else that a malevolent emailer could use to rip you off. Remember: no real business worth their salt will ask you to send sensitive information via email. If they do, it’s probably a scam.

2. Carefully check for authenticity

Phishers are getting more and more cunning, and their emails are getting harder to spot, but there are a few things you can check. Start with the obvious: does it look like a legitimate email, and are there glaring typos or grammatical mistakes? Bear in mind, though, that anybody with decent software and a decent command of English can produce a fraudulent email that looks and sounds like the genuine article, so a professional-looking message still has to pass the next test. Don’t be complacent! Carefully examine the sender’s actual email address (not just the display name, which can say “Your Bank” no matter who sent the message) and the web address of any links in the email. In webmail you can see a link’s real destination by hovering your cursor over it; the address usually appears in a status bar at the bottom of your browser, or in a small pop-up in a desktop mail program. On a phone there is no hover, so press and hold the link to preview the address, or simply don’t tap it. The visible text of a link can say anything at all; only the destination counts. Phishers usually create email and web addresses that look superficially similar to those of the company they’re imitating, but they can’t register the company’s real domain, so there will always be some point of difference: a minor variation in spelling (a 1 in place of an l, a letter missing), a different top-level domain (.net instead of .com), extra words tacked on (yourbank-secure.com), or the real name used as a subdomain of a completely different site (yourbank.com.something-else.net). The part of the address that matters is the last two or three pieces before the first slash; everything in front of them can be chosen freely by whoever owns that domain.
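The checks above can be turned into a small script. The one below is an added example, not code from the original article: it pulls every link out of an email’s HTML, compares the visible link text with the real destination, and flags sender and link domains that merely resemble the domain you trust (near-miss spelling, swapped top-level domain, brand name with extra words, or the real name used as a subdomain of another site). The trusted domain examplebank.com, the sample message, and the simplification of treating the last two labels of a host name as the owner’s domain (a real tool would consult the public suffix list, so that co.uk-style names are handled) are all assumptions made for the example.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: the one domain the reader expects mail and links from.
TRUSTED_DOMAINS = {"examplebank.com"}

# Visible link text that itself looks like a URL or bare domain, e.g. "https://www.examplebank.com/login".
DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


def levenshtein(a, b):
    """Edit distance; used to catch one- or two-character spelling tricks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(host, trusted):
    """Return why `host` resembles `trusted`, or None if it is genuine or unrelated."""
    host = host.lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return None  # the real domain, or one of its own subdomains
    if ("." + trusted + ".") in ("." + host):
        return "the trusted name is used as a subdomain of a different domain"
    labels = host.split(".")
    if len(labels) < 2:
        return None
    t_name, t_tld = trusted.rsplit(".", 1)
    h_name, h_tld = labels[-2], labels[-1]  # naive owner's domain: no public suffix list here
    if h_name == t_name and h_tld != t_tld:
        return f"same name but a different top-level domain (.{h_tld} instead of .{t_tld})"
    if levenshtein(h_name, t_name) <= 2:
        return f"'{h_name}' is a near-miss spelling of '{t_name}'"
    if t_name in h_name:
        return f"'{h_name}' embeds the brand name '{t_name}' with extra words"
    return None


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_email(from_header, html_body, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable findings; an empty list means nothing suspicious was seen."""
    findings = []
    name, addr = parseaddr(from_header)  # the display name is deliberately ignored: it proves nothing
    sender_host = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for t in trusted:
        reason = lookalike_reason(sender_host, t)
        if reason:
            findings.append(f"sender {addr!r} (shown as {name!r}): {reason}")
    parser = LinkExtractor()
    parser.feed(html_body)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_RE.match(text)
        if shown and shown.group(1).lower() != host:
            findings.append(f"link text shows {shown.group(1)} but actually goes to {host}")
        for t in trusted:
            reason = lookalike_reason(host, t)
            if reason:
                findings.append(f"link to {host}: {reason}")
    return findings


# Constructed sample message: one lookalike sender, two bad links, one genuine link.
SAMPLE_FROM = 'Example Bank <alerts@examplebank-secure.net>'
SAMPLE_HTML = """
<p>We noticed unusual activity on your card. Please sign in to review it:</p>
<p><a href="https://www.examp1ebank.com/login">https://www.examplebank.com/login</a></p>
<p><a href="https://examplebank.com.account-verify.net/confirm">Confirm your account</a></p>
<p>Need help? <a href="https://www.examplebank.com/help">Help</a></p>
"""

if __name__ == "__main__":
    for finding in check_email(SAMPLE_FROM, SAMPLE_HTML):
        print("SUSPICIOUS:", finding)
```

Run it and the genuine “Help” link passes while the other three items are reported. The script only automates the eyeball test; it cannot tell you that a sender’s address was forged outright, which is why the next point still applies.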

3. Visit websites outside your email

For the sake of convenience, emails (legitimate or otherwise) often invite you to follow a link that takes you straight to another website. The links in a phishing email are the dangerous part, so avoid clicking them. As a safety measure, always reach external websites outside your email: rather than taking the easy option of clicking the link, type the address into your browser yourself (or use a bookmark or the company’s official app) and, if required, log in by hand. If the alert in the email is real, you’ll see it there too.

4. Tread carefully with attachments

Phishing attacks sometimes use attachments instead of (or as well as) links, so be particularly careful whenever you open one. An attachment from a scam email may carry malicious software (a virus, or a program that quietly collects your passwords) that runs as soon as you open it, and some of the nastiest ones are ordinary-looking documents that ask you to “enable content” or “enable macros” before you can read them. Don’t. First, pore over the email to make sure it passes the authenticity test (Point 2 above). Second, use another communication medium, such as a phone call to a number you already have rather than one printed in the email, to confirm with the sender that the attachment is genuine. If you weren’t expecting a file at all, that alone is a reason to check.

5. Always be vigilant

When compared with other internet and digital forms of communication (e.g., social media), email is a highly trusted communication method. That’s precisely what makes phishing so effective. Most people don’t expect an email to be fraudulent, which is where the complacency part of the equation comes in. Get into the habit of double- and even triple-checking emails that ask you to take some kind of digital action, especially ones that press you to act urgently. While the vast majority of emails are authentic and innocent, a small percentage are designed to con you into divulging sensitive information. Always have your guard up.

Conclusion: be the one that got away

As phishers have grown smarter, it’s up to us, the “phish”, to be vigilant. In order to work, phishing scams rely on complacency. They’re trawling about for a hapless victim who, in a moment of panic or a lapse in judgment, hands over their most precious, most personal, most private information. To avoid being caught hook, line and sinker, just remember:

  • Never share personal information over email
  • Carefully check emails for authenticity
  • Visit websites outside your email
  • Tread carefully with attachments
  • Always be vigilant

So don’t take the bait. Be on your guard when clearing your inbox. A little extra vigilance is all it takes to make sure you’re the one that got away.