Phishing: is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication – Wikipedia
Phishing scams have been around for some time, however, as our everyday use of mobile devices and the internet in general has increased, so has the threat of phishing scams. Just recently my wife and I both received text messages on our iPhones, within a couple of minutes of each other, purportedly emanating from the ANZ bank:
- Note the urgent tone – specifically designed to frighten recipients into acting recklessly
- Note the lack of any form of personal address – no name, nothing which identifies the recipient
- Note the link – which is not secure (https) and when clicked will almost certainly send the recipient to a fake website
As it happens, my wife and I do bank with the ANZ. However, the ANZ Bank is huge in Australia, so if enough of these types of text messages are sent out at random, the chances of them hitting a large number of ANZ customers is very good. Of course, I didn’t click on the link but rather immediately rang the ANZ Bank to verify the status of my account and report this phishing attempt.
Phishing: What to Look Out For
These types of phishing scams are commonly delivered via two methods – email or text message. They will often appear to be from a legitimate source and usually include some sort of incentive – such as to claim money or a prize of some kind. Or, they will press some sort of urgent financial matter which requires the recipient to update or verify their details. The end goal is to entice you into voluntarily revealing critical information, such as banking or credit card details, often via a fake website specifically created for the purpose. If any of the following rules apply, then it will almost certainly be a phishing attempt:
- Rule #1: If an email or text message arrives unsolicited
- Rule#2: If an email or text message does not address you by your proper name
- Rule#3: If an email or text message includes spelling mistakes or grammatical errors
And remember– if it sounds too good to be true, it usually is!
Phishing: What To Do
- As per rule #1 above, start off by regarding any unsolicited contact from your financial institution as highly suspicious
- Under no circumstances click on any link or interact with the email or text message in any way
- Ring your financial institution immediately to verify the status of your account and report the phishing attempt
- Delete the text message or email as soon as possible
Bonus: The Microsoft Phone Scam
I must be considered an easy mark because I regularly receive phone calls from these lovely people with a distinctly offshore accent claiming to be Microsoft representatives. The way I deal with them now is, as soon as they’ve introduced themselves, I say… “No you’re not, don’t be so silly“, and that is usually followed by a loud click from the other end as they quickly hang up. How rude!
What these people will tell you is that your computer is transmitting Trojans, or some other similar nonsense, but they can fix it for you in a twinkle. Their end goal is to gain remote access to your computer in the hopes of maybe extracting critical information, such as passwords, banking or credit card details. Remember– institutions such as Microsoft will never contact you via an unsolicited phone call.
It’s a dangerous cyber-world out there folks, tread warily and carefully!