How to avoid getting phished
“Phishing” is what happens when someone manages to get control of your username and password through pretending to be in a position of authority. It can take many forms, from fake phonecalls to emails inviting you to a website where you’re told you need to “re-enter username and password”, and all it does is report these back to the phisher.
We’ve talked in the past about staying safe online, but phishers use tactics specifically designed to get around the defences you build up. Here’s our top tips for avoiding getting caught out:
- Always be wary of links in emails.
It doesn’t matter who sent an email, always be wary of anything within it. It’s very possible that the person sending you an email might have had their account compromised, so you can’t trust anyone!
- Don’t download strange attachments
Traditionally, people looking for your details might have sent attachments as program files which can harm and monitor your computer. These days, they’re sneakier – a common tactic is to send a Microsoft Word document which, when opened in preview mode, invites you to enable Macros – this will let the virus take control of your machine. Unless you know the person sending you something, don’t download it.
- Make sure you’re on the right website
One of the most common methods of stealing your username and password is to create a fake website to collect your data when you try to login. For example, if a real URL is https://mail.google.com/mail, a spammer might attempt to use https://mail.googlecom-mail.com – at first glance it doesn’t look too strange, but it’s a trap – the domain here is googlecom-mail.com, not google.com/mail!
- Use HTTPS
When browsing websites, you might have noticed a little green padlock to the left of the address bar on some websites. This means that the website you’re on is secure and encrypted – no-one can sniff out your details. You shouldn’t send login details over non-secure websites; in fact this is one of the easiest way to tell a “fake” website from a real one.
Remember, the point of phishing is creating things that are not as they seem. Remain vigilant – techniques are constantly evolving and changing, and you really can never be too careful!