Phishing, how to beat it.

6 essential tips to beat phishing scams

Don't get caught on the net

Phishing scams are among the most prevalent forms of cybercrime. Although phishing is widespread, it is beatable. Apart from ensuring you install security software (which your IT technicians look after), the best way to combat scams is to learn what phishing looks like.


What is Phishing?

Phishing (pronounced "fishing") is a kind of identity theft which is growing in popularity amongst hackers. By using fraudulent websites and false emails, perpetrators attempt to steal your personal data - most commonly passwords and credit card information.

Criminals gain this information by sending you links to sites that look like sites you trust, such as your online banking provider or social networks, and are able to steal your data as you enter it. Some of the sites spoofed most regularly include PayPal, eBay, Yahoo! and MSN, as well as financial institutions - so don't assume that an email is safe just because it's not from a bank.

How to protect yourself against phishing


1. Be wary of emails asking for confidential information - especially information of a financial nature. Legitimate organisations will never request sensitive information via email, and most banks will tell you that they won't ask for your information unless you're the one contacting them.

2. Don't get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request. It is better to call the bank's number yourself than to respond to a call you receive. A bank will never call you and ask you for personal details. They only ask for personal details when you call them, and that is to ensure they are protecting your information.

3. Make sure you familiarise yourself with a website's privacy policy. The majority of commercial websites have a privacy policy, which is usually accessible at the foot of the page. The most useful thing to look for is the website's policy on whether it will or will not sell its mailing list.

Most of the spam you receive on a daily basis - as well as potentially dangerous phishing emails - is coming to you because a site you have signed up to has sold your email address to another company. If you're not OK with this happening, it might be worth reconsidering whether you want to sign up to the site. Spam does not come into the organisation as a result of a breach of organisational security; it is almost always the result of individuals giving their information to a site which has sold it on to other sites.

4. Watch out for generic-looking requests for information. Fraudulent emails are often not personalised, while authentic emails from your bank often reference an account you have with them. Many phishing emails begin with "Dear Sir/Madam", and some come from a bank with which you don't even have an account.


5. Never submit confidential information via forms embedded within email messages. Senders are often able to track all information entered.

6. Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar. Often a phishing website will look identical to the original - look at the address bar to make sure that you are on the genuine site.