Phishing has been a common cyber crime since the 90s, and people are still being targeted by these scams today. Here’s what you need to know about phishing and how to protect yourself from it.
What is phishing?
Phishing is a form of cyber attack that usually takes the form of a deceptive email. The email is often disguised as being sent from someone you know, or a business you may be interested in.
The email usually asks for personal details such as passwords or credit card details, requiring the receiver to click a link or download an attachment.
Phishing scams can also come in the form of a ‘pop-up’ on a website, asking you to sign up or subscribe to something.
The term ‘phish’, pronounced like ‘fish’, is modelled on the act of fishing: an angler throws out a hook with bait and hopes for a bite, and this is exactly what the cyber criminals (phishers) are doing. They want you to click a link in the scam email so that they can acquire your personal details.
The ‘ph’ at the beginning of the word probably comes from the older term ‘phone phreaking’, an earlier form of hacking. Phone phreaking was a scam which involved playing sound tones into telephone handsets in order to get free phone calls.
It was hackers in the mid 1990s who established the term ‘phishing’, as they were trying to trick AOL users into sharing their login information.
Signs of a phishing email
- Unusual sender – Phishing emails often say they’re from someone you know… but make sure to look extra closely. There may be something different about the email address e.g. an extra ‘.’ or maybe one letter is different. If anything looks slightly suspicious, don’t click any links or attachments; it’s not worth the risk!
- Surprisingly good offers – We all know about the emails you get from different companies e.g. clothes shops or holiday companies we’ve used before. They send you exclusive deals and offers because you’ve signed up to their mailing list when you made an online order. Yes, these can be annoyingly frequent, filling up your email inbox. But they’re not harmful.
However, cyber criminals jump on this, sending emails that appear to be offers from shops. It’s a common mistake to click on a link in one of these phishing emails and end up giving your personal details to the scammers.
Similarly, offers that seem too good to be true are also dangerous ones. These often come in the form of ‘you’ve won an iPhone’ or ‘you’ve won a holiday’ followed by a link and ‘click here to claim your free prize’. Classic phishing… DO NOT click on emails that look like that.
- Hyperlinks and attachments – phishers put dangerous hyperlinks in emails hoping you click on them. You can hover over a hyperlink and read where it’s going to direct you. Always do this and read the URL carefully! If a website appears to be spelt wrong when you hover on the link, it’s probably a scam site.
Attachments aren’t always as safe as you may think. So if you receive an unexpected email with an attachment on it, do not open it, as it probably contains a virus. The only file you can always click on safely is a .txt file.
- Urgency – phishing emails often rush you into doing a certain action such as clicking on a link. If they’re disguised as an account you’re subscribed to, phishers may send an email saying ‘update your details today before your account is suspended’. This aims to make you quickly give your details, thinking you are saving your account, when you have actually fallen for the scam.
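The sender and hyperlink checks above, automated as an added example (not part of the original article): it flags a sender domain that closely resembles a trusted one, and any link whose visible text names a different site from the one it opens. The trusted-domain list, the 0.85 similarity cutoff and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import get_close_matches
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

TRUSTED = ["myshop.example"]  # assumption: domains you really hold accounts with
# Constructed sample message using reserved .example/.invalid names.
SAMPLE = """From: My Shop <offers@my.shop.example>

<p>Update your details today before your account is suspended.</p>
<a href="http://myshop.example.account-check.invalid/update">www.myshop.example</a>
"""

def host_of(s):
    """Hostname of a URL or bare domain, minus 'www.'; '' if s is neither."""
    m = re.fullmatch(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?].*)?", s.strip(), re.I)
    return re.sub(r"^www\.", "", m.group(1).lower()) if m else ""

def imitates(domain):
    """Trusted domain that `domain` closely resembles without matching it, else None."""
    close = [] if domain in TRUSTED else get_close_matches(domain, TRUSTED, 1, 0.85)
    return close[0] if close else None

class Links(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def check_email(raw):
    """Return the phishing signs found in a raw single-part HTML email."""
    msg, parser = message_from_string(raw), Links()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signs = [f"sender {sender} imitates {imitates(sender)}"] if imitates(sender) else []
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        if host_of(text) not in ("", host_of(href)):
            signs.append(f"link shows {host_of(text)} but opens {host_of(href)}")
    return signs
```

Running `check_email(SAMPLE)` reports both the look-alike sender (the extra ‘.’) and the link whose text and destination disagree; a message from the real domain with matching links returns an empty list.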
Past cases of phishing
- In 2016, employees of the University of Kansas were targeted by a phishing scam. The deceptive email requested that they update their payroll information, which gave phishers the ability to change the account numbers for the direct deposits in the payroll system. Five employees responded to the email in total, and three of them did not receive their paychecks.
- Also occurring in 2016, Hillary Clinton’s campaign chairman, John Podesta, was a victim of a phishing scam. Hackers sent him an email disguised as Gmail’s account services department. The email said his password had been compromised and urged him to click on a link and change it immediately. Podesta eventually clicked this false link, handing over his Gmail account details to the cyber criminals.
The sense of urgency in this email and the inclusion of a hyperlink are both signs of a phishing scam. They essentially scared him into clicking on it by saying his password had been compromised.
How to prevent these cyber scams
- You can use spam filters to protect against phishing emails. These filters are clever little things, working in clever ways… The filters assess the origin of the email and its appearance, as well as the software used to send the message, in order to determine whether the email is spam or not.
- As mentioned previously, you can hover over hyperlinks in an email with your cursor. You should always do this when you receive an email that contains a hyperlink. The address of a secure website that has a valid Secure Sockets Layer (SSL) certificate will start with ‘https’. Now you know what to look out for…
- You can alter your browser settings so that fraudulent websites don’t open. With this setting activated, your browser will have a list of suspicious websites and will either block you from opening them or show you a warning message first.