Top tips for spotting a phishing scam

In Information Security | By Team Acumin / 19th June 2015

Phishing is the name given to the process by which cyber criminals attempt to obtain the personal information of others, such as credit card details or passwords, usually via hoax or spam emails.

These emails can appear to be sent from reputable companies, and may contain links directing the user to what seems to be a genuine website. In reality, these websites are a façade – a replica of the real thing made for the purposes of stealing login details.

With phishing emails becoming more sophisticated, they are getting harder to spot, so here are some top tips for recognising them:

1. The email has a generic greeting such as ‘Dear sir’. Most companies that hold personal data about you will use your name.
2. The email contains grammatical or spelling mistakes.
3. The email contains an urgent call to action or threatens immediate consequences, such as the closure of an account.
4. The sender’s email differs from the genuine company email. This could be a very subtle difference, like instead of
5. The sender’s email is not from a genuine company email, but a free hosting mail account.
6. You are not expecting an email from the organisation, or it is an unusual way for them to communicate with you.
7. The email asks you to confirm your password or bank account details.

If the email appears genuine and you are directed to a website, there are other ways to check for phishing. Always ensure that the website is secure. If you are entering sensitive information into a website then check that the address starts with https, or that the padlock icon – which signifies a site is secure – is displayed in your browser.

Additionally, the website should be free of grammatical or spelling mistakes, and the address of the website should be correct. Just like with email addresses, look for subtle changes in the spelling of a company name, like letter substitutions, additional characters or the insertion of hyphens.
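The sender checks in tips 4 and 5 and the spelling checks above can be automated. The sketch below is an added example, not part of the original article: it classifies a From: header against a known genuine domain, undoing letter substitutions and hyphens before comparing. The domain `example.com`, the free-mail list and the substitution table are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample values: a short, non-exhaustive list of free mail providers.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
# Common look-alike substitutions, mapped back to the letter they imitate.
SUBSTITUTIONS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def skeleton(domain: str) -> str:
    """Comparison form of a domain: lowercase, hyphens removed, substitutions undone."""
    s = domain.lower().replace("-", "")
    for fake, real in SUBSTITUTIONS:
        s = s.replace(fake, real)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, which catches one added, dropped or swapped character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, genuine: str) -> str:
    """Return 'genuine', 'free-mail', 'lookalike' or 'unrelated' for a From: header."""
    # parseaddr separates the display name from the address, so a display name
    # that merely mentions the company does not influence the result.
    address = parseaddr(from_header)[1]
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unrelated"
    if domain == genuine or domain.endswith("." + genuine):
        return "genuine"
    if domain in FREE_MAIL:
        return "free-mail"
    # Near-identical after normalisation, yet not the real domain: a subtle change.
    if edit_distance(skeleton(domain), skeleton(genuine)) <= 1:
        return "lookalike"
    return "unrelated"
```

The same `skeleton` and `edit_distance` comparison can be applied to the host name of a website address. It covers only the spelling changes listed above, so a result of 'unrelated' does not mean the message is safe.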