Phishing unravelled

Phishing may well be one of the oldest online scams in the world, but it’s also one of the most effective and commonly deployed. Here’s what to be aware of.

It’s fair to say that over the past five years, the idea of the “digital life” has become, somewhat ironically, “more real”. We’re more connected than ever before and increasingly, whether it’s checking our bank account, reading an article or buying groceries, we’re doing more of it through internet-connected devices.

Consider the growing centrality of social media to our lives – it is, as a recent survey from Deloitte noted, “ubiquitous and omnipresent; we use it to interact with friends, share our favourite content, discover new content and ultimately broadcast our opinion on anything and everything. As social becomes so pervasive, it’s no surprise that our digital lives and ‘real’ lives are intertwined”.

However, against this brilliant backdrop there are many challenges facing members of the public who are increasing their digital presence, personally and professionally. In this feature we take a look at one of the oldest and most effective online scams in operation today: phishing.

Phishing explained

Phishing – we’re sure you’ll agree – sounds a lot like fishing, and indeed the term is derived from the popular activity. As fishermen do, scammers use “digital bait” to hook unsuspecting victims who have no idea that it’s all an elaborate trap.

More specifically, phishing can be understood like this: an attempt to acquire personal information via the web for illegal use. In most cases, the fraudsters – purporting to be a reliable, authentic and trustworthy source – are looking for monetary gain.

To do this, they need access to data like:

  • Usernames and passwords
  • Bank account details
  • PIN
  • Answers to security questions (e.g. the answer to ‘What is your mother’s maiden name?’)
  • Date of birth
  • Address

Phishing happens on a daily basis, and most of us will usually receive some sort of duplicitous request for information by email. Luckily, most of these are automatically filtered as spam. Every now and again, however, a sophisticated scam will get through the filters and hit people hard.

Be warned: phishing isn’t exclusive to emails. It can come in the form of a seemingly genuine website or social media account, or arrive over a wireless connection (most commonly public Wi-Fi).

What to look out for

Masked in clandestine language, embellished through fancy design and boosted by evoking a sense of emergency – these are all the hallmarks of a typical phishing scam, be it an email, website or social media poll.

At the heart of the attempted fraud is some sort of call to action that encourages you to pass on your personal details. Any seed of doubt that may be planted by an unusual request like this is covered up with clever pretence – they look, act and talk like a professional.

Needless to say, a high-quality phishing scam can be hard to spot, which is why so many people end up being conned. However, with vigilance and a cautious attitude, you can shore up your defences. Here are eight key things to look out for:

  1. Generic and informal greetings – a lack of personalisation and formality is typical of phishing scams
  2. A request for personal information – the core element in any phishing scam
  3. Poor grammar – spelling mistakes, typos and unusual phrasing are indicative of fraud
  4. Out of the blue correspondence – unsolicited contact from your bank provider, for example, is highly unusual
  5. Unexpected attachments – as above, if you’re not expecting something, think twice before you open it
  6. A sense of urgency – be wary of statements like “click today” or “get in touch asap”
  7. Striking gold – if it is too good to be true, then it is too good to be true
  8. Peculiar domain names – Why would an English bank send you emails from Peru?
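
For readers who triage reported emails, here is an added example (not part of the original article) that checks a raw message for items 1, 2, 5, 6 and 8 of the list above; items 3, 4 and 7 need human judgement. The phrase lists, the function names and the reserved `.test` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative phrase lists (assumptions), keyed by the checklist numbering above.
PATTERNS = {
    1: re.compile(r"^\s*dear (valued )?(customer|user|client|member)\b", re.I | re.M),
    2: re.compile(r"\b(password|pin|account number|date of birth|maiden name)\b", re.I),
    6: re.compile(r"\b(click today|asap|immediately|urgent)\b", re.I),
}

def _domain(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw, expected_domain):
    # Returns {checklist item number: reason} for each indicator found in raw.
    msg = message_from_string(raw)
    body, hits = "", {}
    for part in msg.walk():
        if part.get_filename():  # item 5: the message carries an attachment
            hits[5] = "attachment: " + part.get_filename()
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    for item, pattern in PATTERNS.items():
        if (found := pattern.search(body)):
            hits[item] = "text: " + found.group(0).strip()
    sender = _domain(msg["From"])
    reply = _domain(msg["Reply-To"]) or sender
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        hits[8] = "sender domain " + sender  # item 8: not the organisation's domain
    elif reply != sender:
        hits[8] = "replies go to " + reply   # item 8: replies diverted elsewhere
    return dict(sorted(hits.items()))

# Constructed sample message; every address uses a reserved test domain.
SAMPLE = """\
From: "Example Bank" <security@examplebank-alerts.test>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear customer,
Your account is locked. Click today and confirm your password and PIN.
--b1
Content-Disposition: attachment; filename="statement.zip"

constructed placeholder
--b1--
"""
```

Calling `phishing_indicators(SAMPLE, "examplebank.test")` returns one entry per triggered checklist item; an empty result means none of these five checks fired, not that the message is safe.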

Key takeaway

A classic defence strategy in soccer (or football) is succinctly expressed as: if in doubt, kick it out. It’s a fuss-free statement that you should consider if you ever come face-to-face with a possible phishing scam.

Simply put, don’t try and be clever, don’t mess about and don’t let your guard down. Instead, stick with the most basic and effective solutions at your disposal – ignore, delete, report – and you can be confident you’ve done well. Enjoy a digital life, not digital bait.
