What is Phishing?
Phishing is a form of cyber-attack used by criminals to social engineer your data. Their goal is to firstly make you believe the email, text or call you receive is genuine. Once this first step is successful, they will go on to manipulate you until they have all data that they require.
How to identify a phishing attempt?
Phishing can be in the form of a phone call, email or text, however in the current in the current era this can also extend to social network posts.
Here are an few examples how a scammer can get the attention of the user:
- Your account has been put on hold
- We have noticed some unusual activity on your account
- Your password has expired
- Payment due immediately
- Sign up now to receive a free gift
How do I defend against a phishing attack?
The only way the scammer will get your data is through your own actions. If you don’t pick up the phone, open the email/ text or click on the Facebook post the phishing attack would have failed. However, in reality this is not so simple to do as it can be difficult to distinguish between real and fake messages so you will be forced into some investigation.
Most of the time if you check the senders address you can tell if the email is spam so you can rule them out easily. However, if the senders address looks genuine, in addition you should do alternative checks as spammers can also spoof the senders address.
Hover over any links from emails before you click on them to make sure you are being directed to the correct page. When you hover over the link the actual URL will appear on the bottom left of your browser for most browsers. If you are not able to see the URL you may need to enable the status bar on your browser.
Never give out any sensitive information to an unsolicited phone call even if you can verify the caller ID. This ID can be spoofed to make it look like your bank or credit card provider.
Find out what the purpose of their call is then hang up and call back on the number from their website, if its your bank or credit card company the number can even be found on the back of your card.
Never forward any text messages you receive to any numbers unknown to you, your bank or other providers will never ask you to send verification codes directly to them.
If you receive any text messages relating to your account, most of the times you will also receive an email. Check your email and see if you have received the same message.
If you see an offer on Facebook that is too good to be true it most likely is. If you want to verify that the offer is genuine you can visit their official Facebook page such as Dyson and see if the offer is posted on there by ‘Dyson’. Verified pages will have a blue tick following the name pages name.
What are some best practices to follow?
Always go directly to the providers website to reset any of your passwords. If you suspect your account is blocked or frozen you can call or email your provider directly to find out if or why it is blocked. Never give out personal details to any unsolicited caller or email
If you follow these steps and stay vigilant you can minimise your chance of falling prey to phishing attacks.