
What is a phishing scam? Jargon buster





Our jargon buster section moves to phishing. What is it, what does it mean and how do you make sure you don’t fall for such a scam?

A phishing scam is a broad term used to refer to any scam where a cyber-crook contacts a victim pretending to be someone they are not in order to gain the trust of the victim and thus trick them into giving up personal or sensitive information about themselves.

The scam relies on a crook being able to pretend to be someone they are not thanks to the anonymity the Internet, social media and mobile apps provide. Using this pretence, the crook will try and gain the victim’s trust to trick them into handing over personal information.

Why the term phishing?

The term was coined in the 1990s, and is an analogy to fishing (angling). The crooks send out the bait (an email, chat message or text message) to countless recipients’ emails or phones (the sea) to see what they can catch (login information, payment information, personal information).





How do they work?

Step One. The lure.

The first step of this scam is a message sent from the crook to the victim. Most commonly this is an email, but it can also be a text message or a message on social media such as Facebook, WhatsApp or Twitter. While the message will be sent from a crook, it will appear to have been sent by someone else. Usually this means someone the victim will trust. This could be their bank, a social media site they use, eBay, PayPal or even a friend.

The message will try to persuade the victim to do something that will, unbeknown to the victim, put their security or privacy at risk (since it will result in them giving up sensitive information). This is the social engineering part of the scam: gaining the victim’s trust and persuading them to do something that will put their security at risk.

Step Two. The steal.

The second step is the crook getting their hands on the sensitive information that the victim has been tricked into giving away. This is commonly achieved using spoof websites that look like a legitimate website but are controlled by the crook.

The first step, the lure, will typically include a link that leads to step two, the spoof website that steals the data entered into it.

The victim will believe they’re entering information into a legitimate website they can trust. But the site is controlled by crooks, and any information entered into it will be sent straight to the crooks, including login information.





An example

The following is a real life example showing both steps described above.

The first step here is an email that appears to come from Netflix claiming there is an issue with the account. That’s the lure; the social engineering.

The email contains a link that leads to the second step: the spoof website; the steal (below).

This webpage looks like the real Netflix login page. But it isn’t, and any information entered onto this page will be sent to the crooks.

Spotting the fakes

Some tips for avoiding these scams.

– Be cautious of unexpected emails, app messages or text messages that ask you to click a link, no matter who they appear to be from.

– Be especially careful if that email or chat message doesn’t contain your name, and refers to you as a generic word such as “customer”.

– Be sceptical if the email or chat message contains a link that leads to a webpage that asks for sensitive information, such as a password or your banking details. Try to avoid clicking links in emails and messages altogether.

– Always check the web address of any webpage before you enter information into it, especially if you arrived at the page by clicking a link. For example, if you’re supposed to be on Netflix, the web address should start with Netflix.com, and if it doesn’t, it’s most likely going to be a scam.

– Watch out for poor spelling and poor grammar since many of these crooks come from non-English speaking countries.

– If you doubt a particular communication has come from its alleged source, contact that source directly by calling the support number or email on their website.

– And remember, if you’re in doubt, always ask someone else what they think, and never take any risks.
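The web-address check from the tips above, written out as code so the common look-alike tricks are visible. This is an added example, not part of the original article: the function name `check_link`, the verdict strings and the sample links are constructed for illustration, and requiring HTTPS is an added assumption.

```python
from urllib.parse import urlsplit


def check_link(url: str, expected_domain: str) -> str:
    """Classify a link against the domain a message claims to come from.

    Returns "ok" only when the link is HTTPS and its host is expected_domain
    or a subdomain of it; otherwise returns a short reason string.
    """
    expected = expected_domain.lower().rstrip(".")
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        # Convert international names to their ASCII ("xn--") form so that
        # look-alike letters cannot pass as the real spelling.
        host_ascii = host.encode("idna").decode("ascii")
        has_userinfo = parts.username is not None
    except ValueError:  # malformed URL or host name
        return "malformed"
    if not host_ascii:
        return "malformed"
    # "https://brand.com@other.example/" really goes to other.example.
    if has_userinfo:
        return "credentials-in-url"
    if host_ascii != expected and not host_ascii.endswith("." + expected):
        if any(label.startswith("xn--") for label in host_ascii.split(".")):
            return "lookalike-characters"
        if expected in host_ascii:  # brand name used as a prefix or subdomain
            return "brand-in-wrong-domain"
        return "wrong-domain"
    # Assumption added here: a login page is only ever served over HTTPS.
    if parts.scheme != "https":
        return "not-https"
    return "ok"


# Constructed sample links; none are taken from a real campaign.
SAMPLES = [
    "https://www.netflix.com/login",
    "https://netflix.com.account-check.example/login",
    "https://netflix.com@login.example/",
    "https://n\u0435tflix.com/login",  # Cyrillic "е" in place of Latin "e"
    "http://www.netflix.com/login",
    "https://signin.example/netflix.com",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_link(link, 'netflix.com'):24} {link!r}")
```

Only the first sample passes. The second begins with the brand's name, and the fourth is indistinguishable from it on screen, yet both point to a different domain.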

