Phishing: What is it and how do you protect yourself?

What is Phishing? 

Phishing is an attempt to gain private or sensitive information from someone by communicating with them whilst pretending to be a real or reputable company/person. In other words, you will receive an email, text message or phone call from what looks like a real organisation but in actual fact, it is someone pretending to be them. Their aim is to trick you into handing over sensitive information such as your personal details, passwords or bank information. 

They will likely use a fake email address or website that looks genuine but it actually is not. The email may ask you to open an attachment or click a link that could either launch a computer virus on to your laptop/phone or take you to another website where you will be asked to type in your details. Whatever you do, do not do it. 

Real companies will never ask you for personal information by email. 

How to recognise a fraudulent (spam) email

The email address 

The email may look like it is from a real company and could even use their images or logo. However, if you look at the email address itself it will be completely different. 

Spelling/Grammar 

Fraudulent emails are more likely to be poorly worded and contain spelling or grammar mistakes. A real company will never send badly worded emails to their customers. 

They will not use your name 

A really easy way to recognise a spam email is what they call you. If the email begins with something generic like ‘Dear Customer’ or uses the first part of your email I.e Dear Jane.smith there is a good chance it is scam. 

Real reputable organisations will use your name or Mr, Mrs, Ms etc. 

It will tell you a false story 

The email will contain some sort of story to trick you into clicking on a link or replying. Some examples are: 

• You will be told that your account has been frozen and you need a clink to update your details

• That you are due a refund for something and you should respond with your bank information

You will be asked to click a link 

It will ask you to click a link to provide your bank details, upload personal information or make a payment. 

What should you do if you receive a suspicious email? 

If you receive an email that you think is a scam do not open it. If you accidentally open it, do not reply, click any links or open any attachments. 

Delete it straight away and block the email address. 

If the sender is pretending to be a real organisation i.e your bank, Amazon, Netflix etc it might be worthwhile letting them know. Some organisations have dedicated teams that you can report phishing to. 

If you think you may have accidentally given personal information away double check your bank accounts and if necessary change your bank information. It may also be a good idea to change any passwords to internet accounts I.e email, social media, media accounts (Netflix, Amazon etc) and any online accounts with retailers. 

Example of phishing email

Have a look at this email. Does it look like it is from a genuine company?

This is not a genuine email from a real company. There are several indicators that this email is dodgy:

• The email address does not look like it is from a real company.
• The greeting “Dear customer” is far too generic. A real company would use your name or Mr/Mrs/Miss.
• They have told you a false story. You will notice that the explanation is quite vague i.e “We think there is a problem with your account”. A proper company would offer more information and give a proper explanation.
• It is asking you to follow a link to provide personal information. A genuine company will never ask you for personal information using email.