A phishing attack is a scam where people try to get your personal information and use it to commit fraud. Phishing is typically carried out by email or malicious websites that pretend to be a bank or other trusted organisation.
A phishing email might warn you that there's a problem with your account to catch you off guard. Clicking on links within these emails will take you to websites designed to trick you into entering personal details, such as your password or credit card number. If you give out your personal information to these websites, fraudsters will be able to access your account and might set up fraudulent accounts in your name.
Phishing attacks can also happen over the phone where fraudsters pretend to be from an organisation's customer services team. They may ask you to confirm your personal details to continue the call. By asking these questions, they may get enough information to pretend to be you and get through the security checks of your real account with that organisation.
The best way to avoid being the victim of a phishing attack is to be aware of the tricks that scammers use and stay vigilant.
Avoiding a phishing attack.
- Be suspicious of any unexpected phone calls, text messages, or emails asking you about your account or personal information, such as your full name or date of birth. Don't reply unless you're certain that the person contacting you is who they say they are. Don't follow links attached to an email even if they seem to be from a reputable source.
- Pay attention to the URL or web address of any website. Malicious websites may look identical to legitimate websites, but the URL may be spelt differently. Or it may have the same spelling but be registered to a different domain, for example .com rather than .net.
- Don't enter personal information on a website until you have checked that it has a security certification. This may be signposted by a 'Lock' symbol next to the company's name in the URL. If you have any doubts, contact the company directly.
- If an email request seems suspicious, it's a good idea to contact the company directly to check that it's legitimate. Don't use the contact details given in the email or website that's linked to the email. Instead, check your previous emails for contact details.
- Take advantage of any anti-phishing features offered by your email provider and web browser.
For more advice and information, visit: www.getsafeonline.org. This website aims to provide computer users and small businesses with free, user-friendly advice so that you can use the internet confidently, safely and securely.
Information about phishing is also available online from groups such as the Anti-Phishing Working Group.