What is phishing?

Phishing is an attempt to trick an unsuspecting person usually via email or social media, to give away sensitive information.

A phishing attack uses disguised emails to trick the recipient into believing that the message is from someone they know — a query from their bank, popular websites or a note from someone in their company. The email will instruct them to download an attachment or click a link. These links go to fake pages which ask them to provide sensitive information such as their passwords, banking details, date of birth, address etc.

An attack can have devastating results; such as unauthorized purchases, the stealing of funds, or identify theft.

How to spot and prevent a phishing attack

If you have an email account, social media account or any kind of online presence, chances are you have received a suspicious mail or message. Heard from any Nigerian princes lately? Most email providers are pretty good at identifying fraudulent emails and move them to your spam box. A few however may slip through, its always a good idea to stay vigilant to ensure you don’t end up being a victim of a phishing attack.

Spelling and grammar
Many amateur hackers make basic grammatical or spelling mistakes in their messages. Official messages from any major organisation are unlikely to contain spelling errors or grammatical mistakes. If you see a poorly written messages from a professional organisation or a bank it will most certainly not be legitimate.

Shortened or different URLs/links
It’s very common for phishing messages to encourage you to click a link to a malicious website. Many of these links may appear like an official-looking URL. However, if you take a second to examine the link more closely, you can hover the pointer over it and often find that while the text seems like the legitimate link, the actual web address is different. Some links could be minor variations to an official website, hackers hope that you simply don’t notice it. Examine the link before clicking on it, if it appears fake, don’t click on it.

Strange message or appears too good to be true
Congratulations! You’ve just won the lottery/a voucher/tickets! Some rich old person wants to give you millions of dollars for safekeeping! How can you get all this free money? Just give us with all your personal information including your bank details to claim it. If something seems too good to be true, it probably is.

Mismatched or odd sender address
If you receive a message that appears to be from an official company account. The message warns you that there’s been some strange activity in your account and urges you to click the link provided to verify your login details. It looks legitimate, with good spelling and grammar, the correct formatting and the right company logo. But the sender address is different. Hackers can’t fake a sender address, they hope that you don’t check it. Often the sender address will just be listed as a string of characters rather than as sent from an official source. Keep an eye on the sender address to ensure that the message is legitimately from who it says it is.

The best way to prevent yourself from being a victim of a phishing attack is by exercising common sense and restraint when dealing messages, with a little caution, the biggest, most popular method of getting hacked is easily preventable.