Phishing

You may have come across the term “Phishing” and you will almost certainly have seen a “phishing email” in your Inbox – but what’s it all about?

Login details for most online accounts (e.g. email, banking, credit cards) comprise an email address and password. If the “bad guys” can persuade you to give them your email address and password combination then they can login to your account, pretend to be you, and use it as they wish. What’s more, if you use the same email address and password combination for lots of online accounts, then they can login to all of these too.

Phishing is a method that is used to try to fool you into giving your login details to the bad guys without you realising.

The principle behind most phishing emails is the same. The email will be made to look like it comes from a reputable source that is familiar to you (e.g. your broadband provider, Apple, Paypal or HMRC etc.). The email will include a link and invite you to click on this link to verify yourself or get more information.

When you click on the link this will open a website that appears genuine but is actually a fake website setup by the scammer. The website will prompt you to enter your email address and password, and this goes straight to the scammer, who now has your login details.

For example –

A typical phishing email, note the sender’s email address and the “Verify now” link

So how can you distinguish a genuine email from a phishing email and not get caught out?

Well, the most effective advice is also the simplest –

NEVER click on a link in an email unless you are 100% certain that the link is genuine and from someone you trust.

Do this and you will never be caught out by a phishing email. If the email looks like it might come from an important service provider (e.g. Paypal, HMRC, your broadband provider) then close the email and contact that service provider in the way you would normally contact them, rather than using any information in the email.

Identifying a Phishing Email

If you really need to convince yourself that an email is fake, then there are usually clues and there will always be one definitive item that proves it.

Taking the example above, the message pretends to come from Apple but the sender’s email address is definitely not Apple. In this example, northernvalleycareers.com has either been hacked or the email address is being faked. Either way, Apple will not send you email from that address.

Look carefully at the text in the message. Scammers are often not native English speakers, so there will often be spelling or grammar mistakes (e.g. “We requires verification…”).

Another clue is that phishing emails almost always present themselves as “urgent!”. They imply that you “must take action immediately!” or something bad will happen. This is deliberate psychology to encourage you to make a quick decision, rather than wait, rationalise and see the email as fake.

But the biggest clue is in the link itself. Remember, the link must take you to the scammer’s own page, which may be a website that has been hacked but which will definitely NOT be a genuine Apple webpage.

In the email, if you were to hover the mouse cursor over the link but not click the mouse, you would see a popup that shows the real address of the link.

Note popup with true address for the “Verify now” link

In this example the link would take you to https://dogandcar.com…. and not an Apple website. That particular webpage has probably been hacked or taken over by the scammer so that it will look like an Apple webpage when you go there and encourage you to enter your Apple ID.

Another phishing email – note the actual address of the link does not match the text shown

This time the link seems to imply that it will take you to an ionos.com webpage, but if you hover over the link you will see that it actually takes you to nilmarmoveis.com.br.

And “multiple password failures were present before the logons”. That is very strange grammar.
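The two checks described above (does the sender’s address belong to the company the email claims to be from, and does the real address behind a link match the address the link text shows) can be automated. The following is an added example written for this post, not code from the post’s author: it parses a constructed sample message with Python’s standard library only, and it approximates a site’s “registrable domain” as the last two labels of the host name (so it is not accurate for addresses such as .co.uk; a real filter would use the public suffix list). The sample From: address, the hostnames under the .example top-level domain and the brand domain are all constructed for the illustration.

```python
"""Spot two phishing tells in an email: a From: address outside the claimed
brand's domain, and links whose visible text shows a different site than the
real href. Added example with constructed input; not the post's own code."""
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude approximation: last two labels, with a leading 'www.' removed.
    Assumption for this example; not correct for suffixes such as co.uk."""
    host = (host or "").lower().strip(".")
    if host.startswith("www."):
        host = host[4:]
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def sender_mismatch(from_header, brand_domain):
    """True when the address in From: is not under the brand's own domain."""
    _, addr = parseaddr(from_header)
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    return registrable_domain(sender_domain) != registrable_domain(brand_domain)


def extract_links(html):
    """Return [(href, visible text), ...] for the anchors in an HTML body."""
    collector = _LinkCollector()
    collector.feed(html)
    return collector.links


# Visible link text that looks like a URL or bare domain, e.g. "https://www.ionos.com/x"
_LOOKS_LIKE_DOMAIN = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


def mismatched_links(html):
    """Return (visible text, real href) for links whose text names a site
    different from the one the href actually points at (the 'hover' check)."""
    flagged = []
    for href, text in extract_links(html):
        match = _LOOKS_LIKE_DOMAIN.match(text.lower())
        if not match:
            continue  # text such as "Verify now" shows no site, so nothing to compare
        shown = registrable_domain(match.group(1))
        real = registrable_domain(urlparse(href).hostname or "")
        if shown != real:
            flagged.append((text, href))
    return flagged


def analyse_email(from_header, brand_domain, html):
    """Combine both checks into one report for a message."""
    return {
        "sender_mismatch": sender_mismatch(from_header, brand_domain),
        "links": [(text, urlparse(href).hostname or "") for href, text in extract_links(html)],
        "mismatched_links": mismatched_links(html),
    }


# Constructed sample message, modelled on the two emails discussed in the post.
SAMPLE_FROM = "Apple Support <no-reply@careers-site.example>"
SAMPLE_HTML = """
<p>Dear customer, we requires verification of your account.</p>
<p><a href="https://hacked-shop.example/verify">Verify now</a></p>
<p><a href="https://attacker-host.example/login">https://www.ionos.com/account</a></p>
"""

if __name__ == "__main__":
    report = analyse_email(SAMPLE_FROM, "apple.com", SAMPLE_HTML)
    print("Sender outside claimed brand domain:", report["sender_mismatch"])
    for text, host in report["links"]:
        print(f"Link '{text}' really goes to host: {host}")
    for text, href in report["mismatched_links"]:
        print(f"Mismatch: shown '{text}' but actually {href}")
```

Run stand-alone it reports that the sender is not under apple.com, lists the real host behind each link (the programmatic equivalent of hovering over it), and flags the ionos.com-looking link whose href goes elsewhere. The “Verify now” link is not flagged by the text check because its text names no site at all, which is exactly why the post recommends hovering: only the real address tells you where it goes.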

But don’t click on the link!

For more information on good Email Security practices and what to do if your account is compromised, see the next post.