
Phishing

Introduction
This is a term used to describe when criminals try to get hold of your credit card details or other personal information by pretending to be someone they are not over the Internet. 

Examples of phishing scams

    • Someone sends you an email, pretending to be from your bank. They say that there has been a security breach and ask you to click on a link to reset your password. They are actually getting you to install malware when you click on the link, or re-directing you to a website they have set up, which steals your password and account details as you enter them. They can then access your account and steal money.
    • Someone sets up a web site that looks like a legitimate business selling very cheap goods, far cheaper than anywhere else. You decide to buy something and enter in your credit card details, which they then steal to pay for things themselves.
    • Someone sets up a website that looks exactly like a real business that you know. You enter in your credit card details, thinking you are doing business with a company you know and trust, when in fact, your credit card details are being stolen.

Why does phishing exist?
It is a lot easier for criminals to set up a phishing web site or send out millions of emails in bulk, pretending to be from a friend or trusted organisation, than trying to break through firewalls and other security measures on individual computers one by one. They are relying on the fact that people are generally quite trusting. It only takes a few people in every million to fall for the phishing scam and they can potentially make a lot of money, especially if the criminals are based in very poor countries and they target people from relatively rich countries. Other reasons phishing exists are that it is relatively easy for anyone in the world to carry out, it doesn't cost the criminal anything to attempt, it is easy to hide their online tracks, criminals rarely get caught or punished and it is easy to accept money anonymously from a rich country using various services.

How can you protect yourself from phishing scams?

    • Always beware of offers that are too good to be true (you really cannot buy the latest new iPhone for £150!), that are based abroad or that come from organisations you've never heard of. You should always do a quick search for reviews of companies before you use them for the first time. If they are scammers, you will usually read lots of reviews from unhappy customers!
    • Organisations never ask you to reveal passwords or account details using standard unsecured email. They would contact you via secure, encrypted email via the account you hold with them.
    • Phishing emails are often poorly written, with spelling mistakes and poor grammar.
    • Spoof websites copying real businesses often use a web address (URL) with a slightly misspelt or slightly changed version of the name of the business. This technique also applies to spoof emails pretending to come from real companies.
    • Phishing attacks often sound plausible, perhaps because of a national story about data theft.
    • They often occur over holiday periods, when more people have the time to become victims!
    • They sometimes ask you for a small amount of money to release a larger amount of money or a prize, saying it is to pay postage, customs fees or administration charges.
    • You are asked to pay for something using a non-traceable method. There are many counters in the UK, for example, where you can send cash to someone on the other side of the world in an instant, without any ID checks.
    • You receive an email with a long story from a close friend, which leads up to them asking you to lend them some money for a few days, something they are highly unlikely to ever ask you!
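
The misspelt-address check from the list above, as an added example that is not part of the original page: a short Python function that compares a link's host name with a list of domains you actually use and flags near-misses. The domain names, the function names and the two-edit threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample list: the domains this user really does business with.
TRUSTED = ("examplebank.co.uk", "example-shop.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=TRUSTED, max_edits: int = 2) -> str:
    """Classify a link as trusted, a lookalike of a trusted domain, or unknown."""
    # urlsplit only fills in hostname when the address has a "//" part.
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return "invalid"
    # The real domain, or a subdomain of it, is fine.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in sorted(trusted):
        # Slightly misspelt or slightly changed version of a real name.
        if edit_distance(host, good) <= max_edits:
            return "lookalike of " + good
        # Real name pasted at the front of somebody else's domain.
        if host.startswith(good + "."):
            return "lookalike of " + good
    return "unknown"


if __name__ == "__main__":
    for link in ("https://www.examplebank.co.uk/login",
                 "https://examp1ebank.co.uk/reset",
                 "http://examplebank.co.uk.account-check.example/"):
        print(link, "->", check_url(link))
```

A result of "unknown" does not mean a site is safe; it only means the address is not close to a name on the list.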

Phishing is always going to be a problem
Unfortunately, when criminals target millions of people, it only takes a few people to fall for it before they make money. Also, many older people are not completely comfortable with technology and very trusting of people trying to help them - they are prime targets! You need to be aware of the potential threats and always be on your guard.

Other terms you may come across
There are a number of other terms you may come across when reading about phishing.

Spear phishing. This is similar to phishing. It is when an email is sent that pretends to be from someone specific you know, perhaps your boss, except it isn't from them. You are, of course, very keen to impress your boss so may want to follow any instructions in the email, such as emailing over sensitive documents or transferring large amounts of cash.

Social engineering. This is the art of manipulating people in such a way that they give up confidential information.

Pharming. This is where someone sets up a website designed to redirect traffic to a fake website.

Blagging. This is where someone tries to engage, befriend and gain the confidence of a victim, often over a period of time. They usually invent a scenario, which seems plausible. These may include scenarios designed to pull at your heartstrings e.g. having a medical problem or looking after a sick relative. They may give you small gifts or make gestures of friendship to get your confidence. Ultimately, however, the aim is for them to get you to send them money!

Shouldering. This is where someone tries to see you entering in PIN numbers into an ATM machine or see you entering in logins and passwords on a mobile phone in an Internet cafe. This can be done, for example, simply by looking over your shoulder or by setting up tiny, secret cameras that can see what someone is doing when sat in a particular chair.

Ransomware. This is malicious software that encrypts data on a victim's computer and then demands payment before decrypting it.
