Phishing is when a perpetrator sends out an e-mail which pretends to be from a legitimate company in order to gather personal and financial information from recipients.
You may receive an e-mail which appears to be from your bank and tells you that your credit card needs to be reactivated. It may provide a link which takes you to a website that looks just like your bank's website, with all the official logos, but this will be a spoof website, designed to capture your online banking details. This is just one example of e-mail Phishing.
Perpetrators send out many thousands of Phishing e-mails in an attempt to catch a few people out. If they send out enough e-mails for a particular bank then a fair percentage of the people who receive the e-mail will be customers of that bank. They also send out Phishing e-mails pretending to be from various popular companies in order to catch people out.
How do I know if an e-mail is genuine or a Phishing attempt?
A legitimate company or bank will not ask you for any personal or financial details by e-mail, and will certainly not ask for passwords.
Does the e-mail include your name or does it say something like 'Dear Customer'? If it does not include your name then it most likely is a Phishing attempt.
If the e-mail includes attachments or links then this is also most likely a Phishing attempt. Do not click on any links.
The e-mail might contain spelling mistakes or use bad grammar and this may indicate that it is not authentic.
Does the e-mail address look correct? In Outlook you can right-click on an e-mail and select 'Message Options', which should include the e-mail's header. The header will provide more details about where it came from. If you look at the 'Received: from' lines in the header then they will include an IP address (four numbers separated by dots). You can put this IP address into the search box of a website such as http://whatismyipaddress.com/ which will tell you which country it came from and other information.
Copy part of the e-mail and paste it into a search engine such as Google, which may bring up results telling you that it is a scam.
If you are in any doubt then contact the company/bank through normal channels such as your usual telephone number, visit them in person, or access them online in the normal way and not through the e-mail's links.
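The header and content checks above can also be run mechanically on a saved copy of the message. The following Python sketch is an added example, not part of the original article; the sample message, its hosts and its IP addresses are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.policy import default

# Constructed sample message. Hosts and IPs are invented (documentation ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7]) by inbox.recipient.example
Received: from unknown-host.example (unknown [203.0.113.45]) by mx.recipient.example
From: Customer Support <support@bank.example>
Subject: Card has been deactivated
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Customer,
Your card has been deactivated. Download the Activation Form attached.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="ActivationForm.html"

<html>constructed placeholder</html>
--b1--
"""

def parse(raw):
    return message_from_string(raw, policy=default)

def received_ips(msg):
    """IPv4 addresses from the Received headers, earliest hop first."""
    # Only hops added by your own mail provider are reliable; earlier ones can be forged.
    ips = []
    for header in reversed(msg.get_all("Received", [])):  # newest hop is listed first
        for cand in re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", str(header)):
            try:
                ips.append(str(ipaddress.IPv4Address(cand)))  # rejects e.g. 999.1.1.1
            except ValueError:
                pass
    return ips

def indicators(msg):
    """Warning signs from the checklist above that can be checked mechanically."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    checks = {"generic greeting": r"\bdear\s+(customer|client|user|member)\b",
              "link in body": r"https?://"}
    found = [name for name, rx in checks.items() if re.search(rx, text, re.I)]
    found += ["attachment: " + (p.get_filename() or "unnamed") for p in msg.iter_attachments()]
    return found
```

The first address returned by received_ips is the one to look up; none of these signs proves anything alone, so the advice above about contacting the bank through normal channels still applies.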
An example of an actual Phishing e-mail
Subject - Card has been deactivated
Your HSBC Card has been deactivated.
To continue using your card, your card must be re-activated. You may re-activate your card at no cost by following the steps below.
1. Download the Activation Form attached to this email.
2. Open it in a browser.
3. Follow the instructions on your screen.
After finishing the activation process you may use your card normaly.
Thank you, HSBC Customer Support
The e-mail above pretends to be from the HSBC bank and wants me to activate my HSBC card by downloading and filling in my personal and banking details in the attached form.
This is an obvious Phishing attempt as my bank would never send me an e-mail like this. It includes attachments, refers to me as 'Dear Customer' rather than using my name, which they would know, contains a spelling mistake 'normaly', and is not particularly well written. The header contains an IP address telling me that it has been sent from Taiwan.
If I copy part of this e-mail, '1. Download the Activation Form attached to this email.', into Google then it tells me that it is a scam. There are websites such as http://www.scammed.by/ which list many scams and which you can forward your Phishing e-mails to, so that you may help others realise that it is a scam.
If I were concerned about my bank card then I would access my bank through the normal channels and confirm that my card was activated and working.
This e-mail should be deleted immediately and you may inform your bank that you have received it. Most banks have information on their website regarding security and protecting yourself online against Phishing and other online threats.
If you have fallen victim to a Phishing e-mail
If you have made the mistake of believing that a Phishing e-mail was actually from your bank, and have opened the e-mail attachment and entered your details, then you will need to do the following as soon as possible:
Change any passwords that you may have given them.
Inform your bank as soon as possible, giving details of the Phishing e-mail and the details that you have sent. Your bank will then take the appropriate action.
How did the scammers get hold of my e-mail address?
You have possibly left your e-mail address on an online forum, blog, or social media. If you run a website or blog then you may have included your e-mail address. If you 'unsubscribe' from a spam e-mail then your e-mail address may be compromised.
You can type your e-mail address into a search engine such as Google to see if it is listed on any websites.
It is not a good idea to put your e-mail address on any websites, forums, social media, etc., as you will start to receive a great deal of spam as well as scams.
The best defence against Phishing is to educate yourself about these scams and never give out sensitive information and passwords by e-mail. If a company or bank urgently needs to get in touch with you then they will contact you by letter through the post, not by e-mail.