Phishing attacks are where someone tricks you into handing over your login details and then uses them to gain access to your account. Read on to find out how to spot a phishing attack, and what to do if you fall victim to one.
What is a Phishing (“fishing”) Attack?
Phishing is a type of attack used to steal personal data, including login details or credit card numbers. The victim is tricked into opening an email or message and clicking a link which takes them to a malicious destination. This could lead to the installation of malware (a good anti-virus should prevent this – see How to Stay Safe Online for more) or the harvesting of sensitive information.
Because phishing attacks are carried out in huge numbers, it only takes a small percentage of people to fall for the scam for it to be profitable.
How to Spot a Phishing Attack
Here are some characteristics of phishing attacks which might help you spot them. But as a general principle, be suspicious of everything!
First of all, many phishing emails have bad grammar and spelling mistakes. This should always be a red flag.
Secondly, they will redirect you to a false website. Never trust the text you see in the email link. Here’s an example: let’s go to Amazon by clicking here. If you hover over that link (look in the bottom left corner of your browser), or click on it (it’s safe!), you’ll see it goes to my How to Stay Safe Online article. Text is just text. The destination of the link is what matters.
In the recent Facebook scam, people were sent a video via Messenger. Upon clicking the link they were then asked to log in to ‘Facebook’.
Look very carefully at the destination address highlighted. Here’s an example where the attackers have made no attempt at all to even look like the real Facebook login page – and yet I still know of 2 people who fell for this. Other attacks will be much more sophisticated.
What’s the danger?
Once someone has your email address and password, not only can they access that account, but, if you use the same password on other sites (and many people do), they can also access those. They can also access linked accounts. PayPal is often linked with Facebook, for example.
What do I do if I fall victim?
Change your password immediately. Then also change it on any other sites using the same one.
Then follow the simple steps in my How To Stay Safe Online article. I would say if you only do 3 things, make them these:
- Use unique passwords. Everywhere.
- Never click on links in emails.
- Make sure you have a good antivirus.
If you can, also use 2-factor authentication on important accounts. This means you have to enter a code (perhaps sent to your phone, or generated via an authenticator app) to log in, as well as a password. Even if you give away your password, someone won’t be able to access the account without your phone.
I hope this helps you spot a phishing attack if you receive one. Stay safe, and stay alert online!