Phishing

Andy, who volunteers with the Provincial Communications Team, shares some tips about how to tell what’s an attempt at fraud and what’s genuine. 

A phishing email is an attempt by criminals to use someone else’s details or website design to trick people into parting with money. For example, you might get an email from a person known to you, but from a different email account, an email from a supplier such as Amazon, or one from a payment platform, e.g. PayPal. I’ve had all of these in one form or another. 

These emails will try and get you to part with money or personal information that will be sold to those trying to get money. 

And it’s not just emails – text messages, social media and phones can also be used. Recently, I had an automated voice message at the office saying that our internet service was being stopped. It wasn’t because the message came from the wrong provider. 

But they sound and look genuine. 

Emails will be sent to millions of people asking for information such as bank details or containing links to websites intent on getting information from you.  

Some phishing emails may contain viruses disguised as attachments which activate if opened. A few years ago, a colleague forwarded me such an email without realising the attachment contained a virus, and because it came from her I opened it. I had to spend the rest of my day restoring my computer and files. 

What steps can I take? 

Information from your social media accounts – Facebook, Twitter, Instagram – leave a digital footprint that can be exploited by criminals. Publicly available information about you makes their phishing emails appear convincing. Check your privacy settings and think about what you post, and who can see them (Facebook posts could potentially be seen by everyone on Facebook unless you tell them to only share your posts with Friends). 

Also, be aware what is said about you online as this can also reveal information that can be used to target you. 

If you have received an email which you’re not quite sure about, forward it to the government’s National Cyber Security Centre’s suspicious Email Reporting Service – report@phishing.gov.uk

What to do I do if I’ve already clicked a link?

Don’t panic and don’t worry. Open your antivirus software and run a full scan, and follow any instructions given (for example, deleting files that contain a virus). 

If you’ve been tricked into providing your password, you should change your passwords on all your other accounts, as soon as possible. 

And if you have lost money, you need to report it as a crime to Action Fraud. www.actionfraud.police.uk

What are the signs? 

Spotting a phishing email can be very difficult. 

Is the email addressed to you by name or does it use a generic title such as ‘valued customer’, or ‘friend’ or ‘colleague’? This can be a sign that the sender does not know you.  

Is it an official-looking email with logos and graphics, and is the design and quality what you’d expect or have received from that company before? 

Does the email contain an urgent action? Is it asking you to do something in the next day, or contains a link that you must click on immediately? 

Look at the sender’s name and email address. Sometimes there are words inserted to make it look like an email from a company or supplier – instead of john.smith@anytowncouncil.co.uk it could be john.smith@helpdesk-anytowncouncil.co.uk which is a totally different website. Just because it contains the name of a company or organisation in the email address, doesn’t mean it’s genuine. 

Details of the sender can be also be masked – the email says it’s come from john.smith@anytowncouncil.co.uk but it might be from some else entirely. 

In my experience, the email was not from the organisation’s email address, but a gmail.com address. Is it likely that a known person in an organisation would use a free email account for official business? If in doubt, check the website of the company or organisation to see if there’s a contact who can verify if the email is genuine. 

Does the email you’ve received sound legitimate? Is the email offer too good be true – e.g. designer trainers for £10, free films when you use this code or click on this link, or a free subscription to a popular, paid-for magazine? 

Banks and other official senders of emails don’t ask for personal information and haven’t done for years so is the email is asking for that, it is probably a scam. Call the bank to check if you’re unsure. 
If you have received an email which you’re not quite sure about, forward it to the NCSC’s suspicious Email Reporting Service: report@phishing.gov.uk