How to spot and help prevent phishing

Every day, millions of people worldwide fall victim to internet scams. These scams can take many forms, such as fraudulent investment opportunities, fake job offers, and phishing.


That’s why it’s crucial to take steps to help protect yourself. Staying informed, remaining cautious, and following good security practices can significantly reduce your risk of falling victim to scams.

This article explores common phishing attacks and offers tips and strategies to help protect yourself from these fraudulent schemes.

What is phishing?

Phishing is a type of cyber-attack where scammers attempt to trick individuals into giving away their personal or financial information.

In a typical phishing attack, scammers might create fake emails, text messages, or websites that appear legitimate. They might use logos, branding, or other elements to make the communication look like it's coming from a trusted source, such as a bank or social media platform.

Normally, the goal of the attacker is to convince the recipient to click on a link, download an attachment, or enter their personal information.

Types of phishing attacks

Wondering how to help prevent phishing? First, it’s important to understand what it might look like.

Phishing scams can attack a general audience (spam phishing) or target a specific group or individual (spear phishing). Within these two categories, there are different types of phishing attacks that scammers might use.

Here are some to be aware of:

  • Email phishing: Fraudulent emails appear to be from a legitimate source, asking the recipient to click on a link or provide personal information.
  • Smishing: Scammers use text messages to trick individuals into clicking on a link or providing personal information.
  • Vishing: Like smishing, but scammers use phone calls to convince individuals to provide personal information or click on a link.
  • Website spoofing: This is when fake websites look like legitimate ones to trick individuals into providing personal information.
  • Clone phishing: Scammers create a fake but identical copy of a legitimate email, then send it from a similar-looking email address, asking the recipient to click on a link or download an attachment.
  • Social media phishing: This happens when scammers create fake social media accounts, then send phishing messages to their contacts.

How to spot phishing

Some phishing scams claim to be from someone you know, while others pretend to be from a reputable business or charity. They often threaten to send a debt collector to your house if you don't transfer money to them or supply your personal information. Alternatively, they may claim you have a tax refund waiting, requiring you to click on a link — which then might release a virus or malware that can infect your computer.

There are ways to help spot and potentially prevent a phishing attack, including:

  • The use of strong passwords and two-factor authentication
  • Anti-phishing software
  • Keeping existing software and systems up-to-date

You also need to stay vigilant. This involves checking the messages you receive for warning signs, for example by:

  • Taking note of spelling mistakes or poor grammar
  • Checking the sender's address to ensure it's the correct one
  • Avoiding websites where the URL doesn't have a padlock or 'https' at the start

Another red flag is if a message contains a sense of urgency. Typically, phishing scams might give you just a few hours to respond to their message, instilling fear and making you feel that you must act quickly.
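
The checks above (sender address, links without 'https', urgency) can also be run over a message automatically. The following is an added example, not part of the original article; the urgency phrases, the 0.8 similarity threshold and the mybank.example names are assumptions chosen for illustration, and it also checks where each link actually leads.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed urgency phrases for illustration; not an exhaustive list.
URGENCY = re.compile(r"\b(within \d+ hours?|immediately|urgent|act now|final notice)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def domain_matches(host, trusted):
    """True only for the trusted domain itself or one of its subdomains."""
    host, trusted = host.lower().rstrip("."), trusted.lower()
    return host == trusted or host.endswith("." + trusted)

def red_flags(from_header, body, trusted_domain):
    """Return the warning signs found in one message, as sorted labels."""
    flags = set()
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2]
    if not domain_matches(sender_domain, trusted_domain):
        # A near-identical domain suggests a similar-looking address (clone phishing).
        ratio = SequenceMatcher(None, sender_domain.lower(), trusted_domain.lower()).ratio()
        flags.add("lookalike-sender" if ratio >= 0.8 else "unexpected-sender")
    for url in URL.findall(body):
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            flags.add("link-not-https")
        # 'https' or a padlock alone does not make a site genuine: check the host too.
        if not domain_matches(parts.hostname or "", trusted_domain):
            flags.add("link-off-domain")
    if URGENCY.search(body):
        flags.add("urgency")
    return sorted(flags)

# Constructed sample messages (reserved .example/.test names, not real senders).
SAMPLES = {
    "lookalike": ("My Bank <support@mybamk.example>",
                  "Final notice: confirm your details within 3 hours at "
                  "http://mybank.example.account-check.test/login"),
    "https_only": ("My Bank <alerts@secure-login.test>",
                   "Please verify your account at https://mybamk.example/verify"),
    "genuine": ("My Bank <service@mail.mybank.example>",
                "Your statement is ready. Sign in at https://www.mybank.example/ to view it."),
}

if __name__ == "__main__":
    for name, (sender, text) in SAMPLES.items():
        print(name, red_flags(sender, text, "mybank.example"))
```

The second sample uses 'https' throughout and is still flagged, because neither the sender nor the link belongs to the expected domain.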

Ways to protect yourself and help prevent phishing

It's important to make security a priority. Below are some additional steps you could take to help protect yourself from phishing.

Avoid clicking on links and check senders

Never click on a link in a message, even if it looks like it's from someone you know.

Software updates

Keeping your software up to date is one of the best ways to help protect your data, as updates typically include new and enhanced features that can address current security issues. Consider regularly updating the software on your mobile phone and your laptop and desktop computers. You may also want to change your password regularly.

Multifactor authentication

Many organisations like banks and healthcare services offer multifactor (or two-factor) authentication to access their app or platform. This means when you sign in to an account on a new device for the first time, you’ll need more than just a username and password.

A common form of two-factor authentication is when a company sends a one-time passcode to your mobile phone that you then enter before you’re able to sign in. If you're offered this option, consider taking it up. While it adds an additional step, it could help you avoid being targeted by phishing scammers.

What to do if you suspect a phishing attack

If you think you are a victim of a phishing scam, it's important to act to minimise the damage.

  • If you've provided personal information about an account you use, change that account's password right away.
  • If the details you've provided are financial, let your bank and payment card provider know.
  • If you've sent money to a scammer, consider contacting the police.

Some phishing scams might involve fake PayPal messages. If you’re not sure whether an email is fraudulent, avoid clicking on any links. Instead, open the app or log in online to see if the same message is in your account.

Learn more about the importance of online security and reporting fraud.
