What is phishing?
Phishing (pronounced fishing) is the act of criminals deceiving internet users by pretending to be a legitimate person or website. Usually phishing is done to obtain confidential information - think credit card numbers, bank login details and so on.
To protect yourself from phishing scams be aware of phishing techniques and apply good security practice (e.g. long and strong passwords and two-factor authentication) in case you do unfortunately fall for the scam.
Red flag: URLs don’t match up
Has your bank sent you an email lately – it might look real (and it might be), but save yourself from a potentially expensive mistake by typing out the web address of your bank (not the link URL) in your browser instead of clicking the link in the email.
When you do enter your details online – anywhere – always check the website URL to ensure it is the one you are expecting. The URL may look real, until you closely and realise there is one letter different.
Red flag: Spelling and grammar
When legitimate communications are sent from banks and other large organisations, they’re often combed through with legal and wordsmiths to ensure everything is ship-shape.
So if your “bank” has emailed you something along the lines of “Dear valued customer, can u pls check your login detail by clikking this link . thank u very much” – think again before clicking.
Red flag: you’re not a member of that organisation
Have you ever received an email from an organisation that you don’t belong to? Save yourself the stress of being vulnerable, and don’t open the email – and especially don’t click on any links.
Red flag: You’re asked to send money
One surefire sign an email is a phishing scam is that you’re asked to contribute to expenses. It sometimes takes a few emails deep once you’ve built a rapport or trust with the person at the other end of the email conversation.
If in doubt, call to verify
If you’re not sure if an email is from a legitimate source, call the organisation who may be being misrepresented and verify the content with them.
Spot the difference!
Like many high profile global organisations, Xero's brand has been exploited by criminals for phishing. Millions of invoice emails are sent from Xero every month, making them an obvious target for impersonation to lure internet users into clicking on that link.
Which of the following real-life examples is legit and which is false?
In this example, the first example is a phishing scam. The only tell-tale sign was referring the recipient as ‘Customer’ as opposed to the subscribed name they do in other email communications
Stay safe out there, and keep vigilant!