Phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords.
These can have a monetary value to criminals. Phishing can also involve sending malicious attachments or website links in an effort to infect computers or mobile devices. Criminals send bogus communications: emails, letters, instant messages or text messages. Very often these appear to be authentic communications from legitimate organisations. Embedded links within the message can direct you to a hoax website where your login or personal details may be requested. You may also run the risk of your computer or smartphone being infected by viruses.
Once your personal details have been accessed, criminals can then record this information and use it to commit fraud crimes such as identity theft and bank fraud.
Phishing messages generally try to convince the recipient that they are from a trusted source. “Spear-phishing” is a technique whereby criminals use personal information to earn trust and lower the intended victim’s defences, increasing the chances that they will open attachments or click embedded links.
Criminals have stepped up their activity by targeting business users, claiming to have specific knowledge of the business. These messages may concern business-critical issues: customer feedback, requests for information, staffing or legal notices.
What to look out for and what you should do if you receive a phishing message
- Be aware and proactive: When responding to emails or phone calls, never give your login or personal details. If you receive an email from a company that claims to be legitimate but is requesting these details, or a contact number, tell them you will call them back. Use a contact number for the organisation that you have sourced reputably. Speak to them directly to confirm that the message is genuine.
- Use your spam filter: If you detect a phishing email, mark the message as spam and delete it. This ensures that the message cannot reach your inbox in future.
- Know your source: Never respond to a message from an unknown source. Take care not to click any embedded links. Phishing emails are sent to a vast number of randomly generated addresses. However, clicking an embedded link can confirm to the sender that your email address is active. Once this occurs, it may facilitate the targeting of further malicious emails. Even “unsubscribe” links can be malicious. Ensure that the email is from a trusted source and that you are, in fact, subscribed to the service.
Some safety tips from Bank Safe Online can provide further advice to users concerned about phishing emails:
- Phishing is still a threat. Always remember that banks will never contact customers by email to ask them to provide passwords or any other sensitive information by clicking on a link and visiting a website.
- The email address that appears in the ‘from’ field of an email is not a guarantee that the email came from the person or organisation that it claims to have originated from.
- Fraudsters are unlikely to know your real name, so the email may address you in vague terms, for example ‘Dear Valued Customer’.
- Phishing emails will probably contain odd ‘spe11ings’ or ‘cApitALs’ in the ‘subject’ box and contain spelling or grammatical errors in the email – this is an attempt to get around spam filters and into your inbox.
If you’ve lost money or information or your computer has been taken over by a phishing or malware attack, report it to Action Fraud.
Read some information and advice about phishing from Bank Safe Online.
See also:
Vishing
Smishing
Identity theft and fraud