I am normally pretty switched on when I receive emails and can spot the span and malicious ones but every now and again there is one that almost gets through, those phishing emails are getting better (or worse) in their attempts to gain access to your personal data.
Just to make it clear phishing as we view it is the practice of sending fraudulent emails that are made to look legitimate in an attempt to steal your data, this could be your username and password for your email account, your credit card details, your bank details or anything else that gives the attacker access to your identity.
How does this work?
You receive an email that looks like it must have come from a business or service provider that you use, this could be your bank or a service provider like Microsoft or PayPal, a shopping site that you may use like Amazon. They are made to look just like a legitimate email from these companies, at a quick glance all is good, they will normally require you to click on a link to log into your account, this is the bit where they capture your account details, this could be an email address or username and password.
An alternative approach would be offering you a prize for completing a survey, of you will need to complete
Of course, these scams are not limited to emails, you may receive SMS Text messages with links to sites that require you to log in, again an opportunity to harvest your details and even social media is not exempt, you will often see quizzes and questionnaires that look fun to complete but these again are ways of harvesting your data.
When you enter your details you are providing the scammer ways to access things like your emails and bank account, to all intents and purposes you are giving full access to your life and possessions.
Sometimes these scams are given different names that may refer to specific methods like:
Whaling or Spear Phishing, is typically an attack on a business using targeted data like the recipient’s name and job title to add a degree of legitimacy to the contact.
Pharming, redirecting you to a fake version of a website that you are trying to visit in an attempt to gain your personal data.
What to watch out for?
Emails that ask you to verify or reset your personal data like username and password when you have not requested the reset.
Check that email addresses are correct, there are no spelling mistakes and the displayed name and email address match, you will often find the detail after the @ is not consistent with the sender.
The message comes from a business or organisation you don’t normally receive emails from.
If it is about a delivery you were not expecting asking you to log in to a web page.
How to protect yourself
Generally, unless you were expecting the email with a link to click through just delete it.
Don’t enter personal details or credit card information into any site that is not secure (padlock in the address bar) and only if you are happy to do so.
Let’s make sure that those phishing are not catching you.