Half of all Internet users report receiving one or more of the 100 Billion spam emails sent every day around the world. Phishing emails can look and sound very convincing, and the web sites they link to are often near-perfect replicas of those of the company they are imitating.What can be done to avoid being caught?
Step One: Knowledge is Power
Knowing the tricks of the trade that scammers use is the most powerful weapon in the fight against phishing emails. One of the first giveaways is a generic greeting – “Dear valued customer” or “Dear sir / madam”. Second is who the email is from; the most obvious clue that an email isn’t genuine is that it appears to be from an organisation you don’t normally deal with. It is easy for a sender to insert almost anything in the “From” box – what you see is not necessarily what you get.
Step Two: Check Web Links Carefully
Many scammers will use genuine-sounding words in the addresses of fake websites in an attempt to make them look more authentic. banking.mybank.login.obsecuredomainname.com is very different from banking.mybank.com – despite first appearances. Checking the full web site address carefully before entering any information is a good habit to develop, even when using bookmarks. The URL of a secure site will always begin ‘https://’ – if it doesn’t, it’s not secure. If there is any doubt over the authenticity of the site you’re looking at, type the address manually, or follow links from the bank’s own web site.
Step Three: Telephone Phishing
Telephone phishing scams can at first be a little harder to detect, but with the right knowledge, staying secure is easy.
Callers often won’t have complete information, or may ask to “confirm their records are correct.” This might be a credit card number, online banking details, name, address or date of birth. Never be afraid to question a caller if there is any doubt over their authenticity; a genuine caller will expect this and will be able to give you information that only they would know. If you still have concerns, hang up and call the company back using an advertised number.
Step Four: Never Give Personal Information by Email
It is important not to send any sensitive information by email to anyone; including trusted friends or banks. Not because of what they might do with that information, but who could intercept it and go on to use it maliciously.
Banks and credit card companies will never ask for personal information by email; such a request is a very strong indication that you’ve received a phishing email. If in doubt – delete.
Step Five: Report Breaches Immediately
If you suspect you’ve inadvertently disclosed sensitive information, inform your bank or credit card company without delay. You won’t be judged, and they will act immediately to protect your account. If you do nothing, it is likely that you will be liable for any purchases made with your card.
Many ISPs and email providers offer anti-spam protection and it is worthwhile subscribing to such a service if possible. It only takes one or two individuals to unwittingly hand over their bank or credit card details to make the scam pay. Armed with the right knowledge, you can protect yourself and stay safe online.