What is phishing?
Phishing is a type of cybercrime that attempts to capture sensitive data from users and can lead to financial loss or even identity theft.
The main method of phishing is email, and this is the method we will be focusing on in this article. Other methods include SMS/text messages and telephone calls.
These scammers are often looking to get hold of your credit card details and, failing that, they may simply want your login details for specific sites.
Let's say you receive an email from PayPal stating that your login information has been leaked and that you need to reset your password. Within the email, there is a link to the PayPal website, so you click it and are shown the site. You try to log in but it doesn’t work. It looks as if your details have already been changed, but in actual fact you have been sent a phishing email that sent you to a fake website. By trying to log in to your PayPal account you have given the scammers your details, and now they will be able to log into your account and send money anywhere in the world.
How to spot phishing?
Phishing scams all have one thing in common: they try to trick the user into thinking that the email is from a reputable source, and they contain a link or button that prompts the user to act.
A simple way to spot some scams is to look at the spelling and grammar within the email. Often the grammar is strange and there are misspelt words. This is becoming less frequent as the scammers are getting better at what they do.
An even better way to spot a phishing email is to look at the sender. If you receive an email from PayPal and the sender is something that doesn't look right, such as firstname.lastname@example.org (PayPal is spelt incorrectly), then it would be safe to say that it is a phishing email.
One of the best ways to spot a scam is to check the links. The links within these emails often lead to custom-built sites that look like the real thing but are in fact fake. You can see where the links or buttons will take you by hovering over them and looking at the bottom left of your screen. Here you will see the real URL.
These fake URLs will often seem real as they will normally start with the correct URL but this is just an attempt to fool you. Here are some examples:
Notice that both of these URLs begin with real website domains but then continue on with another domain attached such as efex.se and maxx456789.co.
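The link check described above can also be done in code. The following is an added example, not part of the original article: it reads the real destination of every link in an HTML email and flags hosts that begin with a trusted domain but end in a different one. The TRUSTED list, the function names and the sample email body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains you treat as the genuine sender's own.
TRUSTED = ("paypal.com",)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify(href):
    """Return 'trusted', 'lookalike' or 'other' for the host a link opens."""
    host = (urlsplit(href).hostname or "").rstrip(".")
    # Genuine: the trusted domain sits at the END of the host name.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Lookalike: the trusted name is present but another domain follows it.
    if any(f".{d}." in f".{host}." for d in TRUSTED):
        return "lookalike"
    return "other"

def review(html):
    """Return (visible text, real URL, verdict) for each link in the email."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, href, classify(href)) for href, text in parser.links]

# Constructed sample body; the trailing domains are the two named in the article.
SAMPLE = (
    '<a href="http://www.paypal.com.efex.se/signin">Reset your password</a> '
    '<a href="https://www.paypal.com/help">Help centre</a> '
    '<a href="http://paypal.com.maxx456789.co/account">https://www.paypal.com</a>'
)
```

Calling review(SAMPLE) marks the first and third links as lookalikes, including the third one whose visible text shows the genuine address while the real URL points elsewhere.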
What to do if you receive a phishing email
Generally, the best steps to take are to flag the email as spam and delete it. However, if the email comes into your office email address, it is prudent to tell your IT department or your managers that you have received a suspicious email. This information can then be spread around your office and hopefully prevent anyone from falling victim.
You should now be able to identify and avoid phishing emails, so why not take this quiz and test yourself?