Phishing Explained: Everything You Need to Know About Phishing Scams

by - Last Updated on September 26, 2018

Keeping your data safe is of paramount importance. The consequences of personal data leaks can be catastrophic. But in today’s world, where scams and hacker techniques change daily, protecting your data can seem close to impossible. Phishing scams have long been popular, and are great ways for the bad guys to get your data. But just what can you do to protect yourself?

What is Phishing?

In very basic terms, phishing is an attempt to get you to hand over your own personal data. A person or company sends you an email, text message or calls you and tries to get you to give them personal info. Phishing appears in various guises:

  • Email: A phishing email usually pretends to be from a legitimate company. Perhaps you get an email purporting to be from Google telling you that your account has been compromised and asking you to change your password. Clicking on the link in the email will send you to a page that looks like Google but is actually a fake, you enter your info, and the scammer has your Google password. There are variations on this, such as an email telling you that you have won some kind of prize or discount coupon, but the method is the same: you’re redirected to a page telling you to enter personal info.
  • SMS: These work in similar ways to email, where you’ll find a link embedded in the text message (which may warn you of some kind of danger or tell you you’ve won something or need to register something) which then leads you to a fake sign-in page that collects your data.
  • Telephone: Phone phishing has become less popular recently since email and text phishing are easier and don’t involve personal confrontation. However, the basics are the same. The phone call will warn you of some problem or tell you you’ve won something or need to register for something, and the caller will attempt to get personal information from you directly.

According to the UK government’s National Cyber Security Centre (NCSC), phishing is widespread in the UK. However, the good news is that most email providers and even individuals are very good at spotting phishing attempts once they know what to look for.

What are the Consequences of Phishing?

In general, the phishers are looking for money. But because of the way data works, this can come in any number of ways. Perhaps by getting your Google login data, they find your bank records stored on your Google Drive and from there can access your account. Perhaps they find your credit card numbers. Or perhaps they simply harvest your personal data and sell it on to a data collection firm. The bottom line is that your data is yours, and shouldn’t be in the hands of anyone else.

The risks of any of your data leaking can be high. Maybe you don’t have any banking information stored in your email, but maybe you have other things. Perhaps your mother’s maiden name is part of her email address, and the phisher can find this info. How many times have you been asked to provide your mother’s maiden name as the answer to a security question?

There’s also the problem of identity theft. By getting enough personal information someone else can pretend to be you, and apply for credit cards, loans, or even commit crimes in your name. Untangling this kind of deceit can take years, and will ruin your credit rating in the meantime (and possibly your reputation). It’s essential that you don’t fall for phishing scams!

How Do I Recognise a Phishing Scam?

Most phishing nowadays happens through email, and there are several ways that you can recognise attempts. According to phishing.org, an organisation designed to help IT professionals protect companies against phishing attempts, a message (either email or SMS) from a phisher generally has the following characteristics:

  • A sense of urgency, the message persuades you to “act now”
  • It’s too good to be true, offering huge discounts or big prizes that seem unbelievable
  • It contains links or attachments
  • It’s from an unknown sender.

Of course, none of these things guarantees that a message is a phishing scam, but any of them should put you on your guard. NCSC, the UK cybercrime centre, recommends that you analyse any emails you receive carefully. Here’s what you should be looking at:

  • Sender Address: Is this someone you know? Is it someone you’re expecting to hear from?
  • Subject Line: Is the subject line alarmist? Or provoking you to take some urgent action?
  • Logo: If there’s a company logo is it high resolution? Or does it look a little blurred, as though it could have been cut and pasted?
  • Greeting: Does the email address you by name? Or does it use something generic, such as “dear customer”?
  • Body: Is the spelling and grammar good, of a native English speaking standard? Or are there mistakes, or phrases that sound odd?
  • Links: Whilst the link in the message may look genuine, what do you see when you hover your mouse over it (don’t click on it!)? Hovering your mouse over a link may give you the real link, an address that may not match the one written in the link itself.

How Do I Protect Myself?

Protection from phishing is actually relatively simple: don’t respond to any message that you’re in doubt about, and definitely don’t click on any links or attachments. Keep to those rules, enable two-factor authentication where possible and you’ll be perfectly fine. However, depending on your situation there may be more that you need to do:

I’m Not Sure if the Message is Genuine

Phishers try to alarm you, but obviously, there is always the chance that your Google account or other email has been hacked, or that something has gone wrong somewhere. If you’re worried that the message you’ve got is actually genuine then still DO NOT click on any links or attachments. Firstly, go to the regular webpage (so if the message concerns Google, go to your Google account page) and log in directly from there (still not clicking on that email link). If there is a problem there may be a message about it in your actual account. If nothing seems to be amiss but you’re still worried, then contact customer service about the message (including a copy of it if possible), asking them if it is genuine or not.

I Want to Report Phishing

If you want to report phishing attempts then there are two things that you can do (and neither of them involves clicking on those links or attachments!). Firstly, you can report the message to the service you received it through. So if you got an email, report it to your email provider, if you got a text message, report it to your mobile company. UK operators do have cybercrime departments, so call your operator’s customer service number and ask where to direct your report.

Secondly, you can make a police report if you’d like to. No, we’re not overstating things here. The chances are that the police aren’t going to catch your phisher, but making a report does help keep crime statistics up to date and help to create prevention programmes. You don’t need to head to your local police station though. Cybercrime reporting should be made to ActionFraud which is the UK police service’s dedicated service for cybercrime and fraud, and you can find all their contact info here.

I Think I’ve Fallen for a Phishing Scam

If you think you’ve fallen for a phishing scam, and you did click a link and enter personal info, or give info to someone or a site you do not think is reliable, then there are a couple of things you need to do. Firstly, change all of your passwords. All of them. Maybe you only entered your email password, but it doesn’t matter, your accounts may be connected in ways you don’t know about, so change every password that you can think of.

Secondly, contact ActionFraud to make a report. This will help protect you. Should a phisher use your info to open a credit card account, for example, you will be able to show the credit card company your ActionFraud report to prove that your personal details were stolen.

Finally, keep an eye on all of your data. Watch your bank statements carefully to ensure that no suspicious transactions are taking place, watch your email (including the “sent” email box) to be sure no one else is using it, and anything else you can think of. None of these things will completely solve the problem, but they should mean that you notice issues if they arise and can deal with them quickly. If in doubt and in need of more advice, contact your local Citizen’s Advice Bureau.

Phishing Happens: Don’t Let it Happen to You

Phishing is popular because it works. These people or companies send out hundreds of thousands of emails a day and statistically, some of them are going to be successful. But by being aware and vigilant you don’t have to fall victim to phishers. Be careful, and remember, don’t click on links in emails you’re not sure about!