One tactic that cyber criminals may use to try and get access to your phone, tablet, or computer is phishing. Here's what you need to know.
What is phishing?
Phishing is a type of cyber attack. It involves sending unsuspecting users messages, such as emails, texts, WhatsApp messages or social media messages and sometimes phone calls, pretending to be from a reputable source.
The messages often include links, tricking users into handing over personal information such as credit card and bank details, or downloading malware.
Malware means ‘malicious software’, and could be a virus or similar program, which can steal information off your device.
What are the dangers of a phishing attack?
If you’re unlucky enough to be a victim of a phishing attack, you could incur serious financial loss, with scammers able to access your money or make use of your bank cards to make purchases.
There is also the threat of having your identity stolen, whereby cyber criminals use your details to take out loans, credit cards and other products, with serious consequences for your finances.
The criminals could also steal your data and personal information, which they can then sell on.
If a device or account you use for work is targeted, the phishers could access information about the organisation or account logins. The organisation could be liable for a fine if cyber attackers obtain sensitive information (such as people’s personal details).
Falling victim to a phishing attack is not uncommon, but can be prevented as long as you remain diligent about calls, texts and emails and stay abreast of how cyber criminals work.
How does phishing work?
Phishing scams work in numerous ways.
The most common is known as a bulk phishing attack, which involves scammers sending identical messages to lots of people at the same time.
This usually takes the form of an email that appears legitimate, with the logo of a bank or reputable company. It may say that you have a new statement to look at, or that you have to check some details about a particular account.
Often, it will ask you to click a link and then give some details, such as your National Insurance number, address or even your bank details and long number on your credit or debit card. This can lead to scammers then using your information to access your money or even steal your identity.
Personalised attacks, known as spear phishing, tend to target individuals within businesses, asking for specific details about making payments or other personal information.
Increasingly, consumers report being targeted via text message and social media and even calls with automated voices, claiming to be from a bank or HMRC. These messages often contain a link for bank or card details, or ask you to pay a fictional bill. As with email phishing scams, they can lead to serious financial issues.
Examples of phishing attacks
A classic example of a phishing attack is an email that appears to be from the likes of PayPal, claiming that your account is suspended and you must your their bank details at the link to keep it active.
But if you click and enter your details, you then give vital information to scammers unwittingly.
Another example, which has become common in recent times, is a text message or WhatsApp from an account claiming to be HMRC asking for personal details such as Unique Tax Reference numbers or bank account details. As with all financial institutions, HMRC will never ask for such information over text or email.
Sometimes, scammers will install malware on your PC, tablet or phone if you click on a suspicious link. This can then go through your files to access personal data.
What can you do to avoid phishing scams?
While phishing scams can seem scary, there are some simple, practical steps you can take to avoid being scammed. You can:
- Always check email addresses. While emails might claim to be from official sources, always look at the actual address when you open an email. If it looks in any way unsafe, delete it and report it to your email provider as a potential phishing attack.
- Never click on a link in a suspicious email or text message. If you think an email has come from a suspicious source, do not click on it. Delete the message immediately, report it to WhatsApp or your email provider, and check the organisation’s real contact details by Googling them.
- Check your bank’s personal details policy. With many financial institutions going paper free, be sure to check the policy of yours towards personal details. Banks do not ask for personal information over text or email, especially when it comes to accessing your accounts.
- Use the latest security software on your PC and phone. Phishing scammers often try to install malware on your device. By installing anti-virus on your PC and ensuring software is up to date on your laptop, tablet or smartphone, you can guard against attacks.
- Update apps regularly. Scammers often try and attack through older versions of apps, such as WhatsApp. Be sure to set apps to automatically update on your phone. This can be done in the Settings apps on Android and iOS devices.