23 April 2020
Phishing and SMS-ishing messages are sent to you, often pretending to be from legitimate organisations like a bank, utility provider or government agency. Cybercriminals send out millions of these fraudulent communications to random email addresses and phone numbers in attempts to coax people into providing their personal information or access to personal accounts for malicious purposes.
Phishing emails range from very simple all-text emails to sophisticated, well-written emails with very carefully crafted messages and graphics.
If you do give information to a cybercriminal operating a phishing campaign, they may attempt to take over your identity, compromise your online accounts, attempt to steal money from your bank account or attempt to conduct fraudulent transactions on your credit card.
What can I do to protect myself?
- Always navigate to banking, government or utility provider websites directly, not via links in emails or text messages.
- Look carefully at the suspected phishing message and spot anything not quite right, like tracking numbers, unusual names, funny attachment titles, odd sender names or sender email addresses and strange web addresses.
- If you’re on a PC or laptop, hover your mouse over any links to see if they’re real websites, being careful not to click.
- Research the sender, their email address or the subject line on Google to see if it’s been reported as malicious.
- Get in touch with the organisation the email is supposed to be from using their official phone number (obtained from their website when you type in the URL - don’t use links or contact information on the email) to verify its legitimacy.
- You can also check an organisation’s mobile app, social media presence or website to check whether something is legitimate.