Here Phishy phishy

All about phishing scams

Phishing scams have been around almost since the inception of the Internet, and they are not going away any time soon. In fact, they are becoming increasingly common as fraudsters think up new tricks to try and steal your personal information.

Usually carried out over email – although social media, messaging services and apps are also used – a basic phishing attack attempts to trick the victim into doing what the scammer wants. That might be handing over passwords to make it easier to hack a company or altering bank details so that payments go to fraudsters instead of the correct account. The emails claim to be from organisations such as ISPs (in particular BT and TalkTalk), banks, PayPal, eBay, Google, Apple etc. They will look genuine with the all the right icons, trademarks, and fonts that you’d expect to see.

The emails and text messages normally contain genuine-looking links to the relevant, but of course bogus, websites, asking you to login to the secure page of the website with your email address and password. Some may ask you to install a piece of software to do a security scan (installing viruses or keystroke loggers along the way). Once your details have been “phished”, crooks can then use this information to perform identity theft and bank fraud.

How do you spot a phishing scam?

  • You receive an email, text or phone call claiming to be from a bank, telecommunications provider or other business you regularly deal with, asking you to update or verify your details.
  • The email or text message does not address you by your proper name and may contain typing errors and grammatical mistakes.
  • The website address does not look like the address you usually use and is requesting details the legitimate site does not normally ask for.

Be aware and proactive:

  • NEVER click on any links or open attachments from emails claiming to be from your bank or another trusted organisation which ask you to update or verify your details – DELETE IT.
  • Do an internet search using the names or exact wording of the email to check for any references to a scam – many scams can be identified this way.
  • Secure websites can be identified by the ‘https:’ rather than ‘http:’ at the start of the internet address. Legitimate websites that ask you to enter confidential information are generally encrypted to protect your details.
  • Never provide your personal, credit card or online account details if you receive a call/email claiming to be from your bank or any other organisation. Instead, make an independent check with the organisation in question.
  • If you receive a call, text or mail from a fraudulent organisation report it to Action Fraud at https://www.actionfraud.police.uk/, emails can be forwarded to report@phishing.gov.uk
phishing pic

Philip Brooks