Guide to Protecting Yourself from Phishing Scams

Phishing is one of the most common cybercrimes out there. To properly avoid and keep yourself safe from this particular scam, you need to be aware of how it works and what forms it can take. In this article, we give you a quick overview of phishing scams and the best way to protect yourself against them.

What is phishing?

Phishing is a type of cybercrime in which criminals attempt to deceive you into disclosing your personal information. Scammers often pretend to be from established businesses, such as banks, lenders, or utility service providers.

An example of a phishing attempt is when an unknown sender pretending to be from your bank asks for your banking details, credit card number, or even asks you to send them your one-time password (OTP) or security code.

Common phishing attacks come in the form of emails or text messages. In these messages, the sender may ask you to verify your personal information or direct you to a fake website to input your account details. Some scammers may even contact you through social media or call you directly on the phone.

If you fall victim to a phishing attack, it may lead to your personal information and/or banking details being compromised, loss of money, or even identity theft.

Types of phishing scams

Through the years, phishing strategies have evolved. The different kinds of phishing scams are:

Spear phishing

Spear phishing is a personalised and targeted form of phishing attack aimed at specific individuals or companies. In these instances, the scammer may already know some of your details, which they will use to get more valuable information from you, like your online banking password or credit card security code. In some instances, these spear phishing attempts are designed to infect your device with malware.

Whaling

Whaling, also known as whale phishing, is a type of phishing attack that targets senior executives or high-profile employees from a specific organisation. The goal of a whale phishing attempt is to get sensitive company information to steal money or gain control of an organisation's computer systems.

Vishing

Vishing is a voice phishing attack. This pertains to phishing attempts made through phone calls. The scammer will call you, sometimes using voice-modifying software to conceal their identity, to get important information such as your banking details, email credentials, and the like. Vishing can be used for spear phishing or whaling to make the scammer seem more credible.

Smishing

Smishing combines SMS and phishing. As the name suggests, it's a type of phishing scam where cybercriminals contact their target through text messages. Often, these messages create a sense of urgency, prompting you to click on a malicious link or provide sensitive information.

Clone phishing

Clone phishing is a more advanced type of email phishing. Instead of a scammer sending an email pretending to be someone from your bank or another established business, scammers will intercept an email from a legitimate sender and make modifications before it reaches your inbox. These changes are made in the hopes that you'll click on malicious links or share sensitive information, just like a typical phishing scam.

How to avoid phishing scams

Phishing messages are designed to look as close to the real thing as possible. Here are a few pointers to keep in mind when you encounter a potential phishing scam:

• Review the sender details to ensure it's an official correspondence from the company or organisation.

• Look up the names and exact wording used in the email or message online to see if it's a known scam.

• See if there's a secure symbol or 'https:' instead of just 'http:' in the URL you're accessing to ensure its legitimacy. You can hover over any links in emails, for example, to preview the URL before clicking on it.

• Avoid clicking on links or downloading attachments from emails or text messages claiming to be from your bank, lender, or another service provider.

• Use spam filters to avoid receiving emails from unauthorised senders.

• Use multifactor authentication on your online accounts to add security, and so you're aware of any unauthorised login attempts.

If you're ever unsure about the legitimacy of a communication you've received, contact the company directly on their registered phone number or official hotline to check.

Report phishing attempts

If you think you've received a phishing attempt, report it to Scamwatch. All you need to do is complete the form. Reporting a scam helps stop scams and protect others from becoming victims.