Phishing - Avoid getting hooked

With more and more phishing attempts among personal and company emails, users are urged to be more cautious when it comes to viewing websites and emails.

A recent survey conducted by YouGov asked 200 UK adults to spot the signs of a potential phishing site when compared with the similar genuine site. The results found that the majority failed to spot the most common signs of the phishing site. This evidence highlights the high risk of online fraud that many PC users face.

By following some basic tips, users can become more aware of what to look out for on websites and in emails before submitting their valuable data. This article discusses some hints and tips on what to be aware of when surfing the web and how to recognise scam emails to prevent getting ‘hooked’.

What exactly is phishing?

Phishing is a type of deception designed to steal your valuable personal/company data. Phishing emails are made to look like they come from legitimate companies such as your bank or credit card company. By clicking on a link within a phishing email you will be directed to a cloned website – made to look like the real thing – and prompted to enter your login details and/or other personal information.
To prevent this from happening there are certain things to look out for when viewing a website or email.

  • Look for specific phrases within the email. Certain phrases within an email may suggest that it is a phishing attempt. Examples include:
    “Dear valued customer” - Most of the time phishing emails are sent out in bulk and so will rarely contain a user’s first or second name.
    “Click the below link to access your account”, “Update your payment information”, “Verify {or update} your account” - Genuine businesses should not ask you to log in via an email link.
  • Check the web address link. Hover over (do not click on) the link. This normally displays the address it really leads to, which in a phishing email is the phishing site URL. Check this carefully, as sometimes the address may be very slightly altered (an additional ‘S’ or a hyphen in-between words).
  • Sometimes you may not even have an account with the company. The email is sent as a mass mailing to thousands of people, so it will fit with some recipients and not with others.
  • A phishing email is generally vague. It may state that there is a problem with your account, for example, but not specify the problem.
  • Look for spelling or grammar mistakes within the email. Genuine banks and organisations take care to avoid such errors.
  • Be aware that a phishing email may look completely genuine; for example, it may contain the correct header or logo. However, these can simply be taken off the genuine company website, so don’t fall for it.
  • When inputting data on a website always check whether the website is on a secure server. This can be seen by checking the web address in the address bar. It will begin with “https://” if it is on an encrypted, secure server, rather than the normal “http://” web address. The padlock icon should also appear in the browser interface rather than within the webpage. Please note that a website using encryption is not necessarily legitimate; encryption just ensures that the data is sent in encrypted form.
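The checks in the list above can also be applied mechanically by a mail filter or a triage script. The following is an added example, not part of the original article: it scans an HTML email body for the quoted phrases, plain "http://" links, link text that shows one address while pointing to another, and hosts that closely resemble a known genuine domain. The function names, the 0.8 similarity cutoff and the domain example-bank.test are assumptions made for illustration.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases quoted in the list above.
PHRASES = ["dear valued customer", "click the below link to access your account",
           "update your payment information", "verify your account", "update your account"]

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(html_body, known_domains):
    """Return a list of warning strings for one HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", html_body)).lower()
    warnings = [f"generic phrase: {p}" for p in PHRASES if p in text]
    for href, shown in parser.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if url.scheme == "http":
            warnings.append(f"link not https: {href}")
        # Visible text that looks like a web address but names a different host.
        m = re.match(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", shown.lower())
        if m and m.group(1) != host:
            warnings.append(f"text shows {m.group(1)} but link goes to {host}")
        # Not a known domain or subdomain, yet nearly identical to one (extra 's', hyphen).
        if not any(host == d or host.endswith("." + d) for d in known_domains):
            near = difflib.get_close_matches(host, known_domains, n=1, cutoff=0.8)
            if near:
                warnings.append(f"{host} resembles {near[0]}")
    return warnings

# Constructed sample message; example-bank.test is a made-up domain.
SAMPLE = """<p>Dear valued customer,</p><p>There is a problem with your account.
Update your payment information here:
<a href="http://example-banks.test/login">https://example-bank.test/login</a></p>"""
```

Calling `check_email(SAMPLE, ["example-bank.test"])` returns five warnings for the constructed message. An empty result does not show that a message is genuine, for the same reason that "https://" alone does not.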

Unless you are completely sure of the authenticity of the email, it is advised not to click on a link within an email, and instead access the genuine site independently from a separate browser window.

In addition to keeping the discussed tips in mind when viewing websites and emails, it is also recommended to use the most up-to-date antivirus software (to help detect and disable malicious software), anti-spam (to prevent phishing emails from reaching users), antispyware and phishing filter software to ensure your data is secure. For further advice and guidance on how to prevent being ‘phished’ contact Rockford IT.


An example of a phishing email.
