In 2013, most of us are now aware of the online threat known as “phishing”, where cybercriminals use various techniques to gain access to your email or social media accounts or, worse still, get hold of your bank account or credit card details. What you might not be aware of, however, is that phishing has evolved massively over the past few years, with criminals using increasingly sophisticated con tricks and scare tactics to dupe unsuspecting victims into handing over their sensitive data.
These days, phishing emails are less likely to come from fictitious foreign royalty and more likely to come from one of your social media connections or from a trusted business contact – at least, that’s who the email will appear to come from. In reality, the sender will be a skilled confidence trickster prepared to spend time and effort slowly reeling you in.
Last year, the German Federal Court ruled that where people had fallen for phishing scams that appeared to originate from their banks, the victims themselves were responsible for the losses, rather than the banks. This ruling looks likely to set an international precedent, meaning that protecting yourself against phishing is, ultimately, down to you.
Here are my top 3 tips to avoid being hooked…
1. Slow down and don’t panic!
A common technique among phishing emails is to try to panic the recipient into a kneejerk reaction. For example, you receive an official-looking email telling you that one of your online accounts has been compromised and urging you to update your password via a link provided; or you’re told that your computer has been infected by a virus and that you need to download a new piece of software to repair it. Don’t bite – these are very likely to be phishing scams.
Always remember that most reputable companies will NEVER send emails asking for sensitive information such as user names, passwords, Social Security numbers, bank or credit card details, nor will they ask you to provide these details over the phone.
In the digital age, we’ve become accustomed to doing things quickly, usually with a couple of quick ‘clicks’. A key to avoiding phishing is to slow things down. If you receive an email that alarms you for any reason, treat it immediately as highly suspicious and, above all, don’t click on any links it may contain! (See Tip 2)
2. Go direct
Many phishing emails contain links to spoof websites that are practically identical to the real sites they are trying to mimic, e.g. bank websites. Some will collect your login information and then do nothing (which alerts you to a problem), but others will then link you back to the genuine site, covering their tracks in the process.
If you receive an email containing a link, hover over it without clicking to reveal the web address that it will take you to. If it contains long strings of numbers or looks different from the usual web address of the sender (e.g. if ‘Twitter’ is spelled ‘Tvvittler’), it’s dodgy! Take a written note of the address, then contact the company involved directly to find out if the email is genuine or not.
3. Don’t be over-social!
The rise of social networking has been a gift to cybercriminals. Most social network users willingly share masses of personal information on their public profiles, such as the names of their spouses and children or family birthdays, without giving it a second thought. Unfortunately, the same people often use this personal information as the basis of their online passwords. Scammers can also use this information to impersonate a trusted contact via an online message or email.
If you use social media, check your account settings to ensure that your personal information can only be viewed by those in your network or, better still, be sensible about the information you post in the first place. Also, never use the same password on multiple online accounts. Use a strong, unique password for each, protecting against a domino-effect where one account after another is hacked using the same password.