Phishing is a type of online scam in which the scammer sends an email that appears to be from a legitimate, trustworthy company and asks you to provide sensitive information. The scammer normally does this by including a link in the email that appears to take you to the company’s website, where you fill in your information. The information you provide, such as account numbers, passwords, usernames, or credit card numbers, goes straight into the scammer’s hands.
Think about it this way: if someone wanted to catch their own seafood dinner, they would set some bait on a hook, cast it into the wide ocean, and hope to trick a fish into biting what it thinks is just something to eat. If someone wants to distribute malware or steal personal information, they might send out an email with “bait” that looks like something worthwhile and cast it to a wide audience, intentionally deceiving people by posing as a legitimate company or service to get their attention.
Scammers typically use email to pretend to be a company that provides services, requesting that you do something, usually urgently. They hope that you will then click the link and fill out the requested information. Once they have this information, they may be able to use it in the future to steal your identity or access your accounts.
An even more direct and targeted method is called spear phishing. Instead of going after many victims for a small reward, the criminal goes after an individual or a small number of high-value victims. This method uses information tied to your company or to you personally, gathered from research on social media or elsewhere. Email addresses and links look very close to those of a colleague or business partner, and corporate and partner logos are often used to look authentic. The goal is typically to get access to a system by gathering your credentials, or to install malware on your computer.
So what should you be looking out for with phishing emails? First, look at the sender. Is it actually who it claims to be? It may say it’s from ANZ Bank, but when you look at the domain name, the part after the @ symbol, it has nothing to do with ANZ Bank at all. Another tell is grammatical or spelling errors in the email. Finally, if you mouse over the login link at the bottom, you’ll notice that it does not say anz.com.au. These tells reveal that this email is not from the real ANZ Bank. Remember that banks will never send their clients an email asking for account details, financial details, or login details.
Phishing emails are usually fairly easy to spot when you know what to look for, but sometimes they are much more subtle: the domain is only off by a letter or two, or has letters inverted. For example, “anzz.com.au” is close to the real domain but incorrect. The safest practice is never to click on a link in an email, but instead to go directly to the site by typing in the URL, clicking on the link in your favourites, or performing a search for the organization.
Some of the top tips to avoid phishing are:
- Check who the email sender really is.
- Check the email for grammar and spelling mistakes.
- Mouse over the link to see where it goes. If you are ever at all unsure, do not click the link. Instead, manually type in the company’s URL in your browser.
- Contact your IT Security team if you are unsure at all about an email.
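The sender and link checks above can also be automated. The following Python sketch is an added example, not part of the original article: it compares the sender's domain and every link target in a message against the domain you expect, and flags near-misses such as “anzz.com.au”. The sample message, the login.example.net link and the two-character threshold are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted):
    """Return 'trusted', 'lookalike' or 'unrelated' for a host name."""
    domain = domain.lower().rstrip(".")
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    # Off by a letter or two (added, dropped or swapped) counts as a lookalike.
    # The threshold of 2 is an assumption; short domains may need a tighter one.
    if edit_distance(domain, trusted) <= 2:
        return "lookalike"
    return "unrelated"

def check_email(raw, trusted):
    """Check the sender domain and each link target against the trusted domain."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    findings = [("sender", sender, classify(sender.rpartition("@")[2], trusted))]
    # Look at where each link really goes, not at the text shown to the reader.
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = urlparse(url).hostname or ""
        findings.append(("link", url, classify(host, trusted)))
    return findings

# Constructed sample message for illustration only.
SAMPLE = '''From: "ANZ Bank" <security@anzz.com.au>
Subject: Urgent: verify your account
Content-Type: text/html

<p>Dear custumer, please <a href="http://login.example.net/anz">log in</a> now.</p>
'''

if __name__ == "__main__":
    for kind, value, verdict in check_email(SAMPLE, "anz.com.au"):
        print(f"{kind:6} {value:32} {verdict}")
```

Anything not reported as trusted deserves the manual checks listed above; a verdict of trusted only means the domain matches, not that the message itself is safe.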