Understanding Phishing: Top Strategies to Protect Yourself from Online Scams


Phishing is a cyber-attack aimed at stealing your money or personal information by tricking you into revealing sensitive details like credit card numbers, bank details, or login credentials. Cybercriminals typically disguise themselves as trustworthy companies, friends, or acquaintances, sending fraudulent emails that contain links to phishing websites. These attacks can also occur through text messages, social media, and even within online games. Once you click on a phishing link or provide your information, attackers can gain access to your accounts, steal your identity, or commit financial fraud. Phishing schemes have become more advanced, often mimicking the appearance of legitimate communications, making it harder to tell them apart from real ones. It’s important to stay alert and take steps to safeguard your online security.

How to Identify Phishing Emails:

Phishing is one of the most common forms of cybercrime, so it is essential to be able to recognise the signs. Here are some key indicators and how to spot them:

Urgent Call to Action or Threats

  • Be wary of messages that urge you to take immediate action or imply negative consequences if you do not respond quickly.
  • Always pause and scrutinise such messages. Are they genuinely from the person or organisation they claim to be from?

First-Time or Infrequent Senders

  • An email from an unknown or rarely contacted sender should raise red flags.
  • Even if it is not necessarily phishing, extra caution is advised before engaging with such emails.

Spelling and Grammar Errors

  • Poor spelling and grammar can be a sign of a phishing email.
  • These mistakes often result from bad translations or deliberate attempts to bypass filters that block malicious content.

Generic Greetings

  • Authentic organisations usually address you by name.
  • If an email begins with a generic greeting like “Dear Sir or Madam,” it could be a phishing attempt.

Mismatched Email Domains

  • If an email claims to be from a reputable company but is sent from an unrelated domain (e.g. a bank email coming from a Gmail address), this is likely a scam.

Suspicious Links or Attachments

  • Do not click on any links or open attachments if you suspect an email might be fraudulent.
  • Hover over links to see the actual URL and verify its legitimacy. On mobile devices, long-press the link to view its destination.
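
The "Mismatched Email Domains" and "Suspicious Links" checks above can be automated. The following is an added example, not part of the original article: it parses a constructed message with Python's standard library, and the free-mail list, organisation keywords and sample email are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative lists (assumptions, not taken from the article).
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
ORG_WORDS = re.compile(r"\b(bank|support|security|billing)\b", re.I)

class Links(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # hostname of a URL or bare domain, without "www."
    parsed = urlparse(value if "://" in value else "//" + value)
    return re.sub(r"^www\.", "", parsed.hostname or "")

def phishing_indicators(raw):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    found = []
    # Display name claims an organisation, but the address is free webmail.
    if addr.rpartition("@")[2].lower() in FREE_MAIL and ORG_WORDS.search(name):
        found.append("mismatched email domain")
    parser = Links()
    parser.feed(body)
    for href, shown in parser.links:  # what hovering over the link reveals
        if "." in shown and " " not in shown and host(shown) != host(href):
            found.append(f"link shows {host(shown)} but opens {host(href)}")
    return found

SAMPLE = (  # constructed message, not a real email
    'From: "Example Bank Security" <examplebank.alerts@gmail.com>\n'
    "Subject: Urgent: account suspended\nContent-Type: text/html\n\n"
    '<a href="http://login.example.net/verify">www.examplebank.example</a>\n'
)
```

Calling `phishing_indicators(SAMPLE)` returns one finding per indicator; an empty list means neither check fired, not that the message is safe.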

What to do if you have received a Suspicious Email?

If you are unsure about the legitimacy of an email, it’s better to be cautious. If you’re working with a company, contact your local IT support team to help verify the email. When you’re on your own and suspect the email is a phishing attempt, you can always report it as such using the steps below.

How to Report (In Outlook):

Look for the ‘Report Phishing’ button under the Home Tab. If it’s not visible, click on the three dots on the right-hand side and find the button under ‘Protection’.

A pop-up window will appear; click ‘Report’.

Click the block button, located under the report button, to stop receiving further emails from this address.

What happens after you report?

What happens next depends on the user reported settings in your organisation. Reported messages are sent to the reporting mailbox, to Microsoft, or both, and are then deleted.

What to Do If You’ve Fallen Victim

If you think you’ve fallen victim to a phishing attack, don’t panic. Immediately report it to your local company support team to safeguard your accounts and the company’s systems. If you don’t work for a company, you can still follow these next steps to prevent further damage.

Steps to Take If You’ve Been Phished:

  1. Document Details: Write down as many details as you can about the phishing attack, including any shared information.
  2. Change Passwords: Immediately update passwords on compromised accounts and any other accounts using the same password. Ensure each password is unique.
  3. Enable Multifactor Authentication: Turn on MFA for every account that supports it.
  4. Alert Financial Institutions: If you shared banking information, notify your bank to prevent potential fraud.
  5. Report to Police: If you’ve lost money or been a victim of identity theft, file a police report.

Summary:

Phishing emails are a major threat that can lead to serious consequences like financial loss and identity theft. By staying vigilant and recognising signs such as suspicious links, unfamiliar senders, or urgent requests, you can protect yourself and your organisation. Always take a moment to verify the legitimacy of any questionable emails and don’t hesitate to seek help from your IT department if needed. Reporting phishing attempts through your email platform helps prevent further attacks and protects others. If you fall victim, act quickly by reporting the incident, changing your passwords, and monitoring your accounts. Staying informed and cautious is key to maintaining cybersecurity in today’s digital world.

IWASP is a partnership with the Isle of Wight’s Police, Fire and Rescue, Age Friendly Island and CAB that aims to combat scams such as phishing. If you would like to know more, the link below will take you to their website.

IWASP – Isle of Wight Against Scams Partnership (iow.gov.uk).