What is phishing and how can you protect against it?
Well, it’s not done with a rod and bait, and it doesn’t need a large body of water, though that is how it sounds.
Phishing is a computer hacker’s pastime. He or she sends out spam emails (i.e. casting their line) that require the recipient to act (i.e. offering you the bait). When you click on the link within the email, they can gather financial/confidential details from you (i.e. reel you in), and/or threaten to destroy your site/reputation if you don’t send them money.
Phishers are very bad fishermen indeed.
An angler may drop a maggot into water before sitting and waiting for a fish to come by. The fish sees the maggot and believes it’s a lovely morsel of food just sat there, no strings attached. It’s only when the fish has gobbled it up that he realises that lovely little maggot was just a ploy by the fisherman to get him into a net.
It’s the same with a phisher. He will send out hundreds and hundreds of phishing emails to random addresses he’s either bought, stolen, or which were in the public domain.
And just like the fish with the maggot, many unsuspecting recipients of a phishing email may believe that the email they’ve just read is real and sent from a reputable company. The logo may be the same, the structure of the message may look authentic, and it may contain your name/address, etc. Why wouldn’t you respond?
Because phishing and email scams are escalating. They’re not as easy to distinguish from real email messages as they used to be.
Bear in mind that an email is not usually the preferred method of communication between provider and payee if money is owing. A traditional letter through the post is still the first port of call for most organisations.
If, however, you do receive an email asking for money and/or personal information, don’t—under any circumstances—click any link within the message itself, as this is where the phishing anglers keep their bait. If you’re unsure whether the message is bona fide, phone the company in question to find out. Resist the temptation to reply to the email to investigate its validity – you’ll usually find phishing emails come from strange email addresses that bear no resemblance to the company they’re purporting to work for. Even if you feel like replying to the hackers in question with words of profanity, don’t—it could prove harmful to do so.
Phishing emails may also warn you of a scam or phishing threat (how kind of them). This is because the hackers know that most people will wish to act upon a threat. And, if you’re in a panic, you’re not likely to check out the credentials of the warning message; you’re more likely to simply react and click the offending link to find out more. Another trick they use is to report that you’ve overpaid your tax, or you’re due a refund of some kind. Drunk with the thought of ‘free money’, you’ll pay less heed to the email and will happily click through to claim your dosh.
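The warning signs from the two paragraphs above (a sender address that bears no resemblance to the company, links as the bait, and threat or refund wording) can be checked mechanically. The Python below is an added example, not part of the original article; the sample message, the domains and the word list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all domains are reserved example names.
SAMPLE = """\
From: "Example Bank Refunds" <billing@refund-desk.example.net>
Subject: Urgent: you are due a tax refund
Content-Type: text/plain

Dear customer, you have overpaid. Claim your refund within 24 hours:
http://example-bank.refund-desk.example.net/claim
"""

# Assumed word list, based on the lures the article names (threats, refunds).
LURE_WORDS = ("urgent", "refund", "overpaid", "suspended", "verify")

def same_org(host, expected):
    """True only if host is the expected domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def phishing_signals(raw, expected_domain):
    """Return reasons to confirm the message with the company by another route."""
    msg = message_from_string(raw)
    signals = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not same_org(sender_host, expected_domain):
        signals.append(f"sender domain {sender_host!r} is not {expected_domain!r}")
    # Plain-text parts only; HTML bodies would need an HTML parser.
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if not same_org(host, expected_domain):
            signals.append(f"link points to {host!r}")
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in LURE_WORDS if w in text]
    if hits:
        signals.append("pressure or reward wording: " + ", ".join(hits))
    return signals

if __name__ == "__main__":
    for reason in phishing_signals(SAMPLE, "example.com"):
        print("-", reason)
```

An empty result does not prove a message is genuine; it only means none of these three signs fired.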
Statistics show that 94% of cyber-threats arise via email. Whilst films often glorify hacking and show terrorists getting into MI5’s online systems, for example, the truth is more likely to be lone individuals working from their bedrooms, preying on the general public.
Take a look at your email program, as some include automatic spam filters, which squirrel these offending messages into a cyber-bin before you even see them. As smartphones are effectively mobile computers, consider adding some protective software to your phone, too.
It’s perhaps inevitable that, as technology becomes more sophisticated with time, so do the programs and methods used to obtain money illegally from victims.
Unfortunately, it’s often the vulnerable who suffer the most—the elderly, perhaps, and the less tech-savvy amongst us—as these people are less likely to spot dodgy emails.
Use an alternative method to check out any email message you even slightly suspect to be bogus. A reputable company will be happy to confirm that they’ve contacted you.