Everything You Need to Know About Phishing

Phishing is a term that you hear a lot these days and that’s because it’s a new and efficient way for scammers to get our personal information and sensitive data. Gone are the days when you would receive dodgy-looking letters through the post claiming that you’ve won a sum of money; instead, you’ll get an email or a phone call claiming the same thing. But seeing as it’s still a new term, we’ll be explaining everything you need to know about phishing, including what it is, how it works and how to spot a phishing scam.

What is phishing?

Phishing is a term given to online scams. Usually, phishing is carried out over email, but there is other highly suspicious correspondence that you could receive. Aside from emailing you, scammers could get in touch with you through phone calls, text messages, social media messaging or online applications.

The aim of phishing is to gather as much personal data on you as possible, with the sole goal being to steal either your money or your identity, or both. Scammers will prey on both domestic and commercial internet users, but spotting a phishing scam is straightforward in both capacities, something we’ll discuss later on in this article.

Why is it called ‘phishing’?

The term ‘phishing’ is a derivative of ‘fishing’, simply because when one goes out fishing, they’re hoping that a fish will take the bait at the end of their hook. They need to make that bait look as tasty and as interesting as possible in order for the fish to bite. This is essentially what the scammers are doing through their emails, text messages, phone calls and more. Most people will ignore scam correspondence, but it only takes a few people to take the bait for a scammer to come away with a considerable amount of money that has been, effectively, stolen.

How does a phishing attack work?

As we’ve already discussed the origin of the name ‘phishing’, let’s now discuss how it works. Much like when catching fish, you need some bait to get a bite. This is what scammers are doing, digitally, to recipients of scam emails, texts and other correspondence, including physical letters, although these are less common in this day and age.

A scammer needs a hook for you to grab hold of. This usually comes in the form of something that is too good to be true, such as winning the lottery, or something designed to scare you, such as a claim that you’ll be sent to prison if you do not pay the tax you owe. Scammers prey on those who will fall for these scams by taking advantage of their emotions in the moment.

Once you have taken the bait, in order to claim your lottery winnings or to pay the tax you owe so that you don’t go to prison, you’ll be asked to part with a range of personal information. It could include all of the following things or a few things on the list below. Either way, when armed with your sensitive data, they’ll be able to hack your online accounts, including your bank account. That sensitive data could include some or all of the following:

  • Your name
  • Your date of birth
  • Your address
  • Your account username
  • The password to your account
  • Your bank details
  • Your debit or credit card information

What are the consequences of phishing attacks?

It’s difficult to know the true cost of phishing scams in the UK. There are likely to be hundreds, if not thousands, of people across the country who have lost money to phishing scams who have not come forward and reported their experience. Whether this is down to embarrassment or lack of motivation, it makes it hard to put an exact figure on the amount that Brits have lost to online scams.

However, according to IT Governance, 6 in 10 mid-sized organisations across the country have fallen for phishing scams, resulting in an average loss of around £245,000 in 2023 so far alone. Venari Security states that, in 2023, organisations across Britain lose around £150 for every piece of information stolen through a phishing scam.

More worryingly, IT Governance claims that the average wire transfer attempt made in BEC attacks was around £76,000 in 2023, which is a considerable sum of money that is ending up in the pockets of criminals. This significant financial loss can have detrimental effects on the running of the affected business, the lives of its employees and its reputation as a whole.

Phishing attacks: the signs to look for

It’s important that everyone knows what to look for in order to spot a phishing scam. This will reduce the number of people who, unfortunately, fall victim to phishing scams. We’ve already touched upon the consequences of phishing scams and emails, so protect yourself and others around you by looking out for the following signs and share them with other people so that they know what to look out for as well:

Poor spelling & grammar

Phishing emails and other scam content will have been written quickly or through the use of AI writing software. This often leads to basic errors being made in both spelling and grammar. Even the most convincing phishing emails will contain mistakes, such as sending content to a British recipient that is full of Americanisms, such as spelling ‘organisation’ with a ‘z’, to become ‘organization’, to name just one of the errors that could be made. Look out for improper or sloppy spelling and grammar mistakes and this should point towards whether or not an email is a scam or a legitimate correspondence.

A strange URL

Whether you’ve been sent an email with a link in it to another website or if you’ve clicked on a website that looks legitimate but isn’t, something you can do to make doubly sure that it’s a legitimate website is to check the URL. If it looks strange or unusual in any way, then it’s likely a bogus site and you shouldn’t use it.

This is because scam websites have the sole aim of tricking users into parting with their personal information or of infecting their devices with malicious software or malware. According to Go Banking Rates, there are websites out there claiming to be the real deal, but their URLs look different and strange when compared with the official URL.

For example, the URL for Tiffany & Co is www.tiffany.co.uk, but on the list outlined by Go Banking Rates, there is a site out there claiming to be them, although the fake URL is TiffanyCoShop.com. The Australian Broadcasting Corporation claims that fake websites are fast becoming the latest tool to steal personal information.

A sender address that seems unusual

Email addresses or telephone numbers that look unusual are often suspected right away as being a phishing scam. Email addresses that contain a series of random numbers, special characters or capital letters will, most likely, be a fake account, used to hoodwink email receivers. These days, scam emails can look identical to the real thing, so it’s becoming increasingly difficult to identify a fake email.

Checking the email address is often one of the most effective ways of pointing out scam emails. Most recently, according to the Wrexham Council News, there have been over 3,400 reports of fake emails being sent under the guise of TV Licensing. Recipients are being told that their TV licence is about to expire or that there’s been an issue with their direct debit payment.

The links supplied will take the recipient to a website that is not legitimate but that looks wholly genuine. This makes recipients more willing to part with their sensitive information, because the site looks legitimate. TV Licensing have been notified and they have since published literature on how you can spot fake TV Licensing emails and other correspondence.
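The URL check and the sender-address check described in the two sections above both come down to comparing a domain with the organisation's official one. The following Python sketch is an added example, not code from this article or from any organisation named in it; the `OFFICIAL` table, the function names and every sample value other than www.tiffany.co.uk and TiffanyCoShop.com are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Official domains per brand. tiffany.co.uk is the address given in the
# article; extend this table with the brands you actually deal with.
OFFICIAL = {"tiffany": {"tiffany.co.uk"}}


def classify_host(host, brand):
    """Return 'official', 'lookalike' or 'unrelated' for a host name."""
    host = host.lower().rstrip(".")
    for domain in OFFICIAL[brand]:
        # Exact match or a true subdomain such as www.tiffany.co.uk.
        if host == domain or host.endswith("." + domain):
            return "official"
    # Brand name embedded in some other domain, e.g. tiffanycoshop.com.
    squashed = host.replace("-", "").replace(".", "")
    return "lookalike" if brand in squashed else "unrelated"


def check_link(url, brand):
    """Classify the site a link really leads to."""
    target = url if "://" in url else "//" + url  # accept bare host names
    verdict = classify_host(urlsplit(target).hostname or "", brand)
    # Brand named elsewhere in the URL (path, user-info) but host is foreign.
    if verdict == "unrelated" and brand in url.lower():
        return "lookalike"
    return verdict


def check_sender(from_header, brand):
    """Classify the domain an e-mail claims to come from."""
    display, address = parseaddr(from_header)
    verdict = classify_host(address.rpartition("@")[2], brand)
    # Display name or mailbox uses the brand but the domain is not official.
    if verdict == "unrelated" and brand in (display + address).lower():
        return "lookalike"
    return verdict


if __name__ == "__main__":
    # Constructed samples, apart from the two addresses quoted in the article.
    for link in ("www.tiffany.co.uk", "TiffanyCoShop.com",
                 "http://tiffany.co.uk.example.net/login"):
        print(link, "->", check_link(link, "tiffany"))
    for sender in ('"Tiffany & Co" <offers@tiffany.co.uk>',
                   '"Tiffany & Co" <Support_8841@mail.example>'):
        print(sender, "->", check_sender(sender, "tiffany"))
```

An "official" verdict for a sender only means the visible From domain matches; it does not show that the message passed SPF, DKIM or DMARC checks, so a forged From line can still produce it.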

A message that seems too good to be true

As we’ve already touched upon, the whole point of a phishing email is to “get a bite”, so to speak. Scammers are not going to entice many people in by offering something mundane. They want to shock the recipient.

Whether they send an email claiming you’ve won £100,000 and you need to give your bank details to them so they can wire the money or if they say that your bank account has been hacked and you need to send sensitive information to recover it, they want to jar you enough to take action.

Regardless of whether the message is too good to be true or if it seems suspicious in any way (because a bank will never text or email you asking for your personal information), you should never hand over any information to them. Instead, it should be seen as a sign that you’re the target of a phishing scam and it should be reported here.

ICU IT are pleased to offer clients throughout Derby and beyond sterling IT management services, cloud hosting services, IT support and business continuity, to name just a few of the specialist IT services we have available. If you would like further information about how we can protect your business from phishing scams, get in touch with a member of our dedicated, professional team today – we’re always pleased to hear from you.
