What is a phishing scam?
Phishing is when someone poses as a trusted entity, such as a local business or organization, in order to fraudulently gain access to personal information. They do so by sending out emails, text messages and sometimes direct messages via social media, which often send users to fake websites that pose as real businesses. The information they commonly seek is bank details, addresses and passwords, and they use phishing scams to acquire these details without the user’s knowledge.
If the “phisher” gains access to information of this nature, they may use it to steal someone’s identity, hack accounts, make illegal bank transfers and/or distribute information in the form of doxing. Phishing scams are created to seem as believable as possible to recipients so that they open the message and click any links included. In order to achieve the authentic look, they may impersonate well-known companies and/or banks with similar branding.
How phishing scams work
Most of us have experienced a phishing scam, and sometimes we don’t even know we have encountered one because of how authentic they appear. The most common way in which “phishers” gain access to personal data is by sending illegitimate emails that claim to be from a globally recognized company such as Microsoft or Apple. The email explains that there is a problem with a device that can only be resolved by taking a specific action recommended in the email, in the form of clicking a link or attachment.
Once this is done, the cybercriminal can find a way to gain access to and infect an individual device or extract key information. Phishing scammers mainly target businesses and organizations with the purpose of accessing more personal information and possibly demanding money from the company. In some cases, they also target personal device users.
Another way in which someone can phish is by calling people, pretending to be their bank and requesting information such as their security PIN, account number and passwords to access bank account information. A phisher of this kind is more likely to target individuals rather than businesses. This is because people are more vulnerable to scams as they don’t necessarily have someone who can advise them about the nature of unsolicited calls. The phisher would normally want information of this nature in order to steal money, steal an individual’s identity or launder money through a bank account.
How to prevent falling victim to phishing scams
Although it is never 100% guaranteed that you are safe from phishing scams, there are things you can look out for within emails you receive to determine their legitimacy.
- Check the sender’s email address – One of the most effective ways of checking the authenticity of the sender is by checking their email address. You can do this by clicking on the sender’s name. If they are a “phisher” then the email address will not align with the company the sender claims to be from. More often than not, scammers’ email addresses will be an assortment of numbers and letters selected at random (although they can also look very similar to the genuine address).
- Look out for “too good to be true” offers – Scammers may use unbelievable offers and deals to entice victims into interacting with the email. Normally, when looking through emails of this kind, it’s best to take a “If it seems too good to be true, it probably is” approach.
- Look out for urgency! – One of the easiest ways to determine whether the email you have received is legitimate or not is to think about whether or not the sender sounds desperate for you to take this offer. If there is a sense of urgency or the offer seems time sensitive then it could be a scam.
- Don’t click on unnecessary attachments – If you notice unnecessary attachments in an email that don’t make sense, don’t open or download them as they could infect your device with viruses or allow a scammer access to your personal information.
- Check the URL – If the email contains hyperlinks, place your cursor over them, without clicking, to see if the URL aligns with who the sender claims to be.
Other than these tips, just generally be cautious and aware when opening any emails or websites as not all of them are authentic. Scams like this can have devastating results.
Why do people “Phish?”
People will take part in or create phishing scams for a number of reasons. However, some of the most common scams are for the purpose of:
- Financial gain – Someone may send a phishing scam to numerous people with the purpose of stealing money from them. They could do so by pretending to be a bank and requesting that you send them bank details in order to resolve a false issue.
- Identity theft – A cybercriminal might want personal information in order to steal your identity to use for themselves or give to someone else to use. Once they obtain enough information, they could use your personal information to take out loans, credit cards and make large purchases.
- Blackmail – People who “phish” may do so with the purpose of extorting money or personal data from the victim through blackmail. They could threaten the victim by saying that they will distribute or make their information public in the form of doxing.
- Revenge – Someone might target an individual or business they feel has wronged them in the past and use phishing as a tool to seek revenge. They may do so by stealing client data and distributing it publicly or infecting the device(s) with viruses or ransomware.
What to do if you’ve fallen victim to phishing scams
If you believe you have fallen victim to a phishing scam, it can be extremely distressing. It is important to try and remain calm and remember that there are things that can be done to remedy the situation:
- Stay calm! – Over recent years, phishing scams have become more and more authentic looking and because of this, it’s easy to make a mistake and fall for one. If you do fall victim, try not to worry too much, we all make mistakes!
- Contact the authentic company – For example, if the scammer was pretending to be your bank and you have shared personal details with the cybercriminal, depending on how fast you act, the bank may be able to stop any money going out or coming into the account.
- Create new passwords – If the perpetrator has one or all of your passwords to access any of your accounts, it’s important that you change the password for each affected account and, if you use the same password for other accounts, change those also. If you do it quickly enough, this may prevent the “phisher” from being able to access your account.
- Do a virus scan – After a scammer has been able to gain access to your device, they may try to install and infect your computer with malware and/or viruses. To avoid this, do a full computer scan whenever you can as this may detect and destroy any threats of this nature.
- Contact the Police – Although law enforcement should only be relied on in times of emergency, if you are certain that someone has stolen money from your bank and/or is using your identity, they might be able to help you stop it from continuing.