In today’s digital age, most people have become increasingly aware of the high level of cybercrime and online fraud that takes place, affecting homes and businesses across the country. Crimes such as the launch of online viruses, malicious malware, and computer hacking have affected huge numbers of people both financially and in many other ways.
In addition to these crimes, computer users also have to be on the lookout for the various methods used by criminals to commit fraud and identity theft, a common one being phishing. While more and more people have become aware of online phishing scams there are still many people who fall victim to these scams on a daily basis.
How does a phishing scam work?
In short, a phishing scam works by sending out an email in the name of a bona fide company – often some sort of financial institution. The email contains a link to the site, and the recipient of the email is provided with a reason as to why they need to go onto the site and enter personal details such as user names, passwords, or account details.
Naturally, many people simply click on the link that has been provided within the email for the sake of convenience and speed. This link then takes them to the company website – or so it seems…
What actually happens is that the link takes them to a fake version of the website, albeit a very convincing one. The user than enters the details that have been requested oblivious to the fact that they are actually entering these details on a fraudster’s fake website. Once the details are entered and submitted, the criminal’s have achieved their object and can wreak havoc with the variety of personal and sensitive data they have extracted with such ease.
Why would you enter your personal details?
Anyone who has never fallen victim to a phishing scam may wonder why someone would enter personal details just on the say so of an email. However, scammers think of some pretty impressive and convincing reasons to encourage their victims to do this. Some of the common reasons used include:
– Their account will be blocked if they do not enter the details requested
– The details are needed to update their account for security reasons
– They require the details in order to improve their anti-phishing systems
– Verification of details are needed from the consumer following an update/upgrade to the site
These are just a few of the reasons given by scammers, and many people wouldn’t be at all suspicious because they seem pretty plausible.
Tips to avoid falling victim to phishing scams
Because phishing scams attempt to take on the identity of another website, they will commonly use masked URL’s to trick unsuspecting users into typing in personal information. Fortunately, these masked websites are detectable by simply looking at the address bar to ensure you’re logging into the correct website. For example, if you’re trying to login to your email account at mail.yahoo.com, and the address bar shows mailyahoo.dummywebsite.com, there is a pretty good chance the website is attempt to steal your login credentials.
Another way to spot a phishing scam is to look for a legitimate SSL certificate. Secure websites use what is called a “secure server license” to encrypt data via a third party company. These certificates validate the legitimacy of the business tied to the website, and encrypt any data passing through the website via the secure connection. It’s actually quite difficult for cyber-criminals to forge fake SSL certifications, because of the process needed to acquire one.
When accessing a secure website, such as a bank, email, or other confidential information, you’ll likely notice that the URL changes from a basic http:// to https://, and often will turn green.
It’s very common for phishing scams to be sent via email! Be on the lookout for emails claiming to need your “urgent attention”, such as banking, social media websites, and anything else that may use a scare tactic. These types of emails will often contain a scare tactic designed to trick you into clicking a button or link, then opening a phishing website.
In addition, if you are worried you can contact the company that the email is meant to be from to clarify whether there is an issue.