Phishing is when fraudsters trick you into submitting personal information online.
Usually arriving as an illegitimate email or pop-up, phishing scams are often difficult to detect and can lead to various types of identity theft and even an empty bank account.
With HMRC reportedly taking down more than 20,000 malicious websites in the last 12 months alone, it’s clear that phishing scams aren’t going anywhere soon, so follow our five tips to protect yourself online.
Can you spot a phishing scam?
Phishing scams have been around for years, with cybercriminals playing a numbers game by sending out huge amounts of fake emails, then waiting for unsuspecting internet users to bite.
Targeting both individuals and organisations, cybercriminals often run their scams using computer programs, enabling them to send out a high volume of phishing emails at once.
Upon opening, these emails often look legitimate as they may feature the same branding used by organisations that you’re familiar with or use every day.
These emails contain a link to a fake website, or a pop-up, which asks you to submit personal information.
In recent years many large organisations have recognised the scale of the problem and are taking steps to try and better protect their customers from falling for these scams.
It’s likely that you regularly receive emails from your bank or building society containing information about phishing scams along with tips on how to tell that correspondence from them is genuine.
Protecting yourself against a phishing scam
Follow our helpful tips below to help you stay safe online and avoid falling for a phishing scam.
#1 Stay ahead of phishing techniques
Knowledge is power, so do your research and pay attention to the news surrounding the latest phishing scams.
In the two weeks leading up to the 2018 FIFA World Cup, for example, the press reported a significant rise in cybercriminals exploiting the event to conduct phishing attacks on internet users looking for tickets to the tournament.
At work, IT administrators should practise ongoing security awareness, while simulated phishing for all users can help keep security top of mind throughout the organisation.
Meanwhile, at home ensure that all the family is made aware of phishing scams and learns to spot the signs that an email or internet site is illegitimate.
#2 Think before clicking
Following links in emails from verified and trusted senders is usually perfectly safe, but beware of clicking links in random emails or instant messages.
If in doubt, it’s best to delete these messages, or hover over the link to check whether it leads where it is supposed to.
Most phishing emails start with “Dear Customer,” as opposed to your name, so be alert when you come across a general salutation.
If you’re suspicious, go directly to the source rather than clicking a potentially dangerous link, and never enter any personal information into a pop-up box – legitimate websites never ask you to do this.
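The two checks described in this tip, the generic salutation and the link whose visible text names one site while the address behind it leads to another, can be automated for an HTML email body. The following is an added example, not part of the original article; the names `LinkCollector`, `host_of` and `review_email` and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

GREETING = re.compile(r"^\s*dear\s+customer\b", re.IGNORECASE | re.MULTILINE)
DOMAIN = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for each <a> tag, plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def host_of(value):
    """Lower-cased host name without a leading 'www.'."""
    host = (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def review_email(html):
    """Return a list of warnings for one HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()  # flush any text still buffered by the parser
    warnings = []
    if GREETING.search("".join(parser.text)):
        warnings.append("generic salutation")
    for href, shown in parser.links:
        match = DOMAIN.search(shown)  # text such as "click here" names no site
        shown_host, real_host = host_of(match.group(0) if match else ""), host_of(href)
        # A subdomain of the displayed name counts as the same site.
        if shown_host and real_host != shown_host and not real_host.endswith("." + shown_host):
            warnings.append(f"link shows {shown_host} but goes to {real_host}")
    return warnings

# Constructed sample message using reserved example domains.
SAMPLE = ('<p>Dear Customer,</p><p>Confirm your details at '
          '<a href="http://login.example.net/verify">www.bank.example.com</a> or '
          '<a href="https://bank.example.com/help">bank.example.com</a>.</p>')
print("\n".join(review_email(SAMPLE)))
```

An empty result does not show that a message is genuine; the function only automates the two signs described above.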
#3 Don’t forget telephone phishing schemes
Fraudsters might use the telephone to trick you, so never divulge personal information unless it was you who instigated the call.
Similarly, be cautious of emails that ask you to call a phone number to update your account information, and be sure to check the organisation’s telephone number for yourself by looking up the company website.
#4 Check for secure websites when buying online
When buying items online and entering your payment details, ensure that the website you’re using is secure.
A lock icon on the browser’s status bar, or a URL that begins “https:” (where the “s” stands for “secure”) rather than “http:”, are both indications that a site is secure.
#5 Protect your computer
Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software.
Do your research to ensure you are getting the most up-to-date software, and update it all regularly to ensure that you are blocking new viruses and spyware.
#6 Monitor your online accounts
Check in regularly on your online banking and shopping accounts to monitor them for any unrecognised or suspicious activity or transactions.
Early detection could potentially mitigate some of the damage caused by a phishing scam.