Phishing is a social engineering tactic where scammers seek to convince you to hand over your personal details. Phishing usually happens by email, although it can also happen by SMS (Smishing) or by Voice (Vishing). There are several red flags you should look out for to avoid becoming a victim of such an attack and steps you can take to protect yourself.
How does a Phishing attack work?
Hackers are after one thing – your data. Their aim is to get you to hand over sensitive information, including, amongst other things, bank account details. To do this they create fake email addresses and websites and use these to contact potential victims while pretending to be a legitimate organisation. The messages sent by hackers almost always include a sense of urgency or a threat of negative consequences if you do not act immediately. This urgency or the use of threats should always raise suspicion.
There are other tell-tale signs than a phishing attack is underway. These include the language used in the message. Spelling and grammatical mistakes are a sign that the message has not been properly vetted by a brand’s communications team.
Another thing to always be wary of is the type of information that is requested, and the actions you are asked to take. Personal details and sensitive information like passwords to access accounts should never be requested by email, SMS or via a voice call. This also applies to requests to resubmit details which an organisation already has via websites or to download files or software on to your devices. Always check the sender email address and the web links you are being asked to visit to ensure these are legitimate and if in doubt, contact the organisation through a safe channel that you have used before.
Tips to stay safe
The first, and most obvious, tip to help you stay safe from phishing attacks is to exercise caution when opening or responding to messages. In addition to checking domains and web links to make sure they match the company or organisation’s official domain, you can also make sure a website is safe by seeing that the url starts with ‘https://’ and that it has a closed lock icon next to it, immediately to the left, in the address bar (as shown in the image below).
It is also important to regularly check your accounts. If a hacker has gained access, the quicker you spot suspicious activity the better. Not only will you minimise your losses but the quicker an organisation and the authorities know about an incident the more likely they will be able to stop the attack affecting other people.
You should also think very seriously about what protection you have installed on your devices. Most browsers have anti-phishing tool bars. Use them. You can also install anti-virus software and firewalls. Hackers are always trying to find new ways to obtain information and access accounts and so it is important to keep your browser, anti-virus software and firewalls updated as these evolve to meet the changing nature of the threat.
At the end of the day, just remember to stop and think before you click. Ask yourself whether the organisation that has sent you this message normally contacts you in this way. There is no one single action you can take to prevent phishing attacks, but a combination of caution and software will go a very long way to keeping you safe.
Finally, remember that at MeDirect we will never ask you for personal or account details via email or SMS so never share any of this information through these channels with anyone. If you do receive a suspicions message, do not respond, open any files or click on any links. Instead, call us on (+356) 2557 4400. The information you provide will be used to help reduce financial fraud.