What you need to know about “Phishing”.

To get this corner going, we are going to start off by providing some insight into one of the oldest, most effective and frequently used methods for stealing your data or access credentials.  “Phishing” is an extremely effective way for hackers to get hold of your usernames & passwords, and this method is still being used extensively today.  We find it worrying that even some of the people we know who are extremely experienced with Internet and computing get caught in the trap, so we thought it might be useful to explain how this method works and share some of the things you can do to significantly reduce the chances of you falling for it too.

How does “Phishing” work?

Usually, you simply get an email that appears to come from Facebook, your bank, Netflix or some other service you use or are associated with.  These emails are increasingly sophisticated and precise, so they really do look as if they were sent by the company they claim to be from: the logos, footer and wording are copied from the real thing.  The content will sometimes even greet you by name and then give you a reason to act quickly. Typically it is something like “We are contacting you because we need you to update some information in your account to prevent it from being suspended” or “Your account is on hold. Update your membership with us”.  Urgency is the tell-tale sign: the message wants you to act before you stop to think.

Of course, for your convenience, a link or a button is provided in the email so that you can click on it and go directly to the place where you need to “update your details”.

When you click on the link, however, it will most probably take you to an identical copy of the “login” screen you would expect to see: a perfect copy of the Facebook login page or of your bank’s.  When you fill in your login details and click “login”, your username and password are actually sent to the hackers.  On some occasions these sites are so sophisticated that they then forward you to the real site and log you in there, so that you suspect nothing.  In the meantime the hackers have your credentials.

What damage can this do to you?

Once hackers have your username and password, there is a lot they can do with it.  Some use it to hijack your Facebook account and post in your name, but more damage can be done simply by having the credentials, because thousands of websites and paid services let you log in with them if you “subscribe/register using Facebook”, and the hackers can now log in to all of those as well.  If you use the same password on other sites (as many people do), those are exposed too.  And if the “Phishing” email asks you to update payment details, you are handing your credit card details straight to the hackers. Needless to say, the consequences can be serious.

In order to understand how this could affect you, just think about the services and platforms you use online and what someone else could do with them if they had your username & password.  The first thing hackers usually do is change your password so that you no longer have access and they take full control.

What can you do to reduce the risks?

In most cases, the easiest way to spot these “Phishing” mails is actually very simple: look at the email address the email is coming from!  Nowadays, the email software we use rarely shows us the sender’s full email address.  It just shows us their “display name”, which the sender types in themselves. So I could send you an email stating that my name is “Facebook” while my email address is completely unrelated. Even though the email software on your phone, tablet or computer is “telling” you that the email is from “Facebook”,  “Microsoft”, “Netflix” or your bank, if you look closely at the address it is actually coming from (tap or click on the sender’s name to show it in full), you will probably find that the address is not consistent with the company they claim to be. This week, I received an email from “Netflix” telling me that I should “Update my membership and that they were unable to take the payment for my last plan”.  The email itself looked totally legitimate, with all of Netflix’s contact details, corporate information and links. When I looked at who this email was coming from I could see “Netflix Support”. However, when I looked at the actual email address written out in full it was as follows: “postmastera0r9ztdiuh7@bzlink.sakura.ne.jp”.

As you can see, this email is clearly completely unrelated to Netflix, so I simply deleted it.  What you need to bear in mind, though, is that the addresses these emails come from are also increasingly sophisticated, so that they almost look real.  For instance, the email could have come from something like “accounts@netflix.someotherdomainname.com”.  Even this is not a legitimate mail from Netflix: the part that counts is the end of the address, so this is an email coming from “someotherdomainname.com”, and the “netflix” in front of it is just a name the owner of that domain chose.  A genuine Netflix address ends in “@netflix.com” or in a name that ends with “.netflix.com”.  One caveat: a sender address that looks right is not a guarantee either, because the “from” address of an email can be forged, so an address that matches is one good sign, while an address that does not match is a clear warning.

Even if the sender’s email address fools us and we are tempted to click on the provided link or button, another tip is to check the URL (web address) the link is actually taking us to before we click.  On a computer, hover the mouse over the link or button and the real destination is shown in the corner of the window or in a small pop-up; on a phone or tablet, press and hold the link to see it.  The text of a link can say one thing while the link itself points somewhere else entirely, so it is the address shown there that counts, and the same rule applies as for sender addresses: look at the part just before the first “/”.  “https://www.netflix.com/account” belongs to Netflix; “http://netflix.someotherdomainname.com/login” does not.  This will also help us understand if it is legitimate or if the link would take us to a website that is totally unrelated.
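The two checks described above (the display name versus the real sender address, and the visible link text versus the address the link really points to) can be written down as a small script. This is an added example, not code from Direct Telecom: it assumes you can see the raw message (the “Show original” or “View source” option in most mail programs), and the sample email it works on is constructed for illustration, reusing the sender address quoted above and the kind of lookalike domain described.

```python
"""Sender and link checks for a suspicious email (added example, not the page's own code).

Assumes the raw message is available as text; the sample below is constructed.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: the display name says "Netflix Support", but the real
# address and the "update" button both point somewhere unrelated to Netflix.
SAMPLE_EMAIL = """\
From: "Netflix Support" <postmastera0r9ztdiuh7@bzlink.sakura.ne.jp>
To: customer@example.com
Subject: Update your membership
Content-Type: text/html; charset=utf-8

<html><body>
<p>We were unable to take the payment for your last plan.</p>
<p><a href="http://netflix.someotherdomainname.com/login">https://www.netflix.com/account</a></p>
<p><a href="https://help.netflix.com/contact">Contact us</a></p>
</body></html>
"""

# Matches <a href="...">text</a>; good enough for mail bodies, only handles double-quoted hrefs.
HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_belongs_to(host: str, brand_domain: str) -> bool:
    """True if host is brand_domain itself or a subdomain of it.

    The comparison is anchored at the END of the name and on a label boundary,
    so 'mail.netflix.com' passes while 'netflix.someotherdomainname.com' and
    'netflix.com.evil.example' do not: what matters is the domain at the end.
    """
    host = host.lower().rstrip(".")
    brand_domain = brand_domain.lower()
    return host == brand_domain or host.endswith("." + brand_domain)


def check_sender(raw_message: str, brand_domain: str) -> dict:
    """Split the From header into display name and real address, and check the address."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    display_name, address = parseaddr(str(msg["From"]))
    domain = address.rpartition("@")[2]
    return {
        "display_name": display_name,
        "address": address,
        "domain": domain,
        "sender_ok": domain_belongs_to(domain, brand_domain),
    }


def check_links(raw_message: str, brand_domain: str) -> list:
    """For every link in the HTML body, compare the real target with the visible text."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    results = []
    for href, text in HREF_RE.findall(html):
        host = urlparse(href).hostname or ""          # unparseable href -> "" -> flagged
        text = re.sub(r"<[^>]+>", "", text).strip()   # drop any tags inside the link text
        # If the visible text itself looks like a URL, its host must match the real target.
        shown_host = None
        if text.lower().startswith(("http://", "https://")):
            shown_host = urlparse(text).hostname
        results.append({
            "href": href,
            "host": host,
            "target_ok": domain_belongs_to(host, brand_domain),
            "text_mismatch": shown_host is not None and shown_host != host.lower(),
        })
    return results


def triage(raw_message: str, brand_domain: str) -> dict:
    """Combine both checks; any failing sender or link marks the mail as suspicious."""
    sender = check_sender(raw_message, brand_domain)
    links = check_links(raw_message, brand_domain)
    suspicious = (not sender["sender_ok"]) or any(
        (not link["target_ok"]) or link["text_mismatch"] for link in links
    )
    return {"sender": sender, "links": links, "suspicious": suspicious}


if __name__ == "__main__":
    report = triage(SAMPLE_EMAIL, "netflix.com")
    s = report["sender"]
    print(f'From display name: "{s["display_name"]}"  real address: {s["address"]}  ok={s["sender_ok"]}')
    for link in report["links"]:
        print(f'Link -> {link["host"]:35} ok={link["target_ok"]}  text_mismatch={link["text_mismatch"]}')
    print("SUSPICIOUS" if report["suspicious"] else "no obvious problem found")
```

Run it with the brand you expected the mail to come from (here “netflix.com”). A matching sender address only means the check passed, not that the mail is genuine, for the reason given above (the address can be forged), whereas a failed check is a clear warning.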

The safest bet is to be sceptical about any email you get, especially when you were not expecting it.  If you are unsure, set the email aside, don’t click on anything and contact the company directly to ask whether the email is legitimate, using the phone number or website you already know (for instance the one on the back of your card or in your bookmarks), not the contact details given in the email.  If you realise you have already typed your password into one of these pages, change that password immediately on the real site, change it on any other site where you used the same one, and turn on two-step verification (two-factor authentication) where the service offers it, so that a stolen password alone is not enough to get in.

We sincerely hope this information was useful and we look forward to sharing some more tips with you in due course.

Best regards from the whole team at Direct Telecom