Online scams are unfortunately getting more and more frequent, and one way to be scammed on the internet is phishing. Everybody has probably heard of it, but not everyone may know just how it works and how to protect oneself from it.
Cybersecurity expert Tove Marks from VPN Overview can help with this, providing tips to avoid phishing scams, while spreading awareness on the practice and how dangerous it can be.
What is phishing?
Phishing is a cybercrime that compels victims to give out personal information, such as bank details, to cybercriminals.
The most common form of phishing is through emails, which look like they have been sent from official organisations or people you might know. These emails can be extremely accurate to make them look as real as possible, and within them there will usually be a hyperlink or an attachment for the victim to click on.
However, phishing can also come in other forms, such as social media messages, invoices and phone calls.
How do I recognise phishing emails and messages?
1. Greetings, language and grammar
The easiest way to recognise an illegitimate email is to check for grammar and spelling errors. If the criminals are not English-speaking individuals, mistakes are huge red flags to pay attention to.
Moreover, as these emails are sent to a large number of people at the same time, they will most likely not be personalised. Another thing to look out for is the sense of urgency that the message communicates: words such as ‘URGENT’ or ‘IMPORTANT’ can be a giveaway.
But this is not always the case, as some phishing scams are extremely accurate and none of these red flags might show. In that case, there’s more you can check to recognise a scam.
2. Check the sender’s email
As phishing emails are meant to look official, as if sent by organisations such as banks, it’s important to know the real email address of such organisations. Since they’re not part of the organisation, the scammers will likely use similar formats, but in different combinations. The easiest way to make sure the sender is trustworthy is to check the organisation’s email address or phone number on its official website.
3. Don’t share personal information
Regardless of the email address you receive a request from and the contents of the email, remember that no bank or other official organisation will ask you for your personal information. If you receive a message that asks for some of it, always treat it with suspicion.
4. Beware of attachments and links
The ultimate purpose of a phishing email is to have the victim click on an attachment or a link. That click could already install spyware on your device, which can extract personal information without your knowledge after you’ve moved on from the email or message.
Do not click on anything that you cannot trust and that you do not know, and always double check the format of the attachment, as well as the address of any link.
5. Trust your instincts
Generally, anyone who uses the internet knows to question anything suspicious they find on it. Because of this, when you’re not sure whether you can trust an email, a message, a website and so on, don’t.
Rather, use official channels, such as an app or an official phone number, to ask the agency or organisation that is presumably asking for info for clarification.
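For readers who triage reported emails, checks 1, 2 and 4 can be partly automated. The script below is an added example, not part of the original article: the function names, the trusted-domain list, the 0.8 similarity threshold and the sample message are all assumptions made for illustration, and it expects a single-part, unencoded message body.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(urgent|important)\b", re.I)  # words the article names

class _Links(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _is_trusted(host, trusted):
    """True for a trusted domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def check_message(raw, trusted):
    """Return red flags for one raw email (single-part, unencoded body assumed)."""
    msg = message_from_string(raw)
    flags = []
    if URGENCY.search(msg.get("Subject", "")):
        flags.append("urgent-subject")
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not _is_trusted(sender, trusted):
        # 0.8 is an assumed cutoff: near misses of a known domain count as lookalikes.
        near = difflib.get_close_matches(sender, sorted(trusted), n=1, cutoff=0.8)
        flags.append(f"lookalike-sender:{sender}" if near else f"unknown-sender:{sender}")
    parser = _Links()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if not _is_trusted(host, trusted):
            flags.append(f"untrusted-link:{host}")
    return flags

# Constructed sample: the bank and its domains are made up for illustration.
TRUSTED = {"example-bank.test"}
SAMPLE = (
    "From: Example Bank <support@examp1e-bank.test>\n"
    "Subject: URGENT: verify your account\n\n"
    '<p>Dear customer, <a href="http://login.examp1e-bank.test/verify">click here</a></p>\n'
)
if __name__ == "__main__":
    print(check_message(SAMPLE, TRUSTED))
```

An empty result only means none of these three checks fired; as the article notes, a well-made phishing email may show no red flags at all.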
How do I avoid having to recognise phishing in the first place?
Most browsers and websites do recognise phishing emails and spam. To avoid having to deal with them at all, always remember to use two-factor authentication on your accounts, as it might be lengthier, but it is safer; activate your spam filter; and finally, only share your details and personal information on secure websites.