Phishing - What's It All About?

Stories on phishing scams have been doing the rounds in the news media for months now, but they still keep producing headlines. But while phishing emails and websites are on the rise, it is straightforward to avoid them.

What is Phishing?

'Phishing' is the term that's given to fraudulent emails and websites that are created by criminals in an attempt to get you to reveal personal details about yourself, usually your bank account information. It's not only banks that criminals masquerade as, either; any institutions involved with money, including shops and subscription services, can be copied, too. They mimic the legitimate websites and communiqués that an institution, such as your bank, would create, except that the data that you enter is sent to the criminal.

When it arrives in your inbox, a phishing email will have one aim in mind: to get you to divulge your bank or credit card details. This is usually as part of a so-called security check or review of your account details, where the sender will act as though you're simply confirming what they already know. You'll be asked to provide your details in one of two ways: either by including them in a reply to the email or by clicking on a link in the email that takes you to a website that's been made to look like that of the institution in question. Here you'll be asked to log in or simply enter your details in a form on the page, at which point your account details are saved and the criminals have all they need to pose as you at the real website of your bank and transfer your money out.

Phishing is prevalent because it's a low-cost, low-effort activity on the part of its perpetrators. Some criminals are so lazy that they don't even bother making their emails look all that authentic, with poor-quality graphics and no attempt made to look like the bank they're posing as.

Spotting the signs

However, many phishing scams are more polished and those are the ones that catch people out. But there are still tell-tale signs to look out for. Firstly, banks and other reputable institutions will never – we repeat, never - send you an email asking you to supply them with your account details. If you do get an email from an institution that you're unsure about, phone them – if it's a legitimate email then they'll be able to confirm it.

Secondly, check the email/site – does it look legitimate? Many phishing emails and websites look like amateur efforts and not like the sort of presentation a large corporation would put out. Thirdly, if you're taken to a phishing site, remember that your bank will never ask for your full security number/password, only a selection of the digits. If you're asked for it in its entirety, you'll know that there's something funny going on.

Finally, it's worth getting an up-to-date security suite. Many anti-virus programs now include phishing filters that will flag up potential risks, making them easier to spot and taking the burden of recognising them off your shoulders.