What is Phishing?
Phishing is any attempt to obtain sensitive information such as usernames, passwords, and credit card details by posing as a reputable entity in emails or other forms of online communication.
For example, someone pretending to be from your bank sends an email asking for your PIN or your online banking username and password.
Spotting a fake email
Rule no.1: Always be suspicious.
Check for these 3 things in every email you get from what seems to be a legitimate sender/institution:
- That the spelling of the sender’s email address is accurate: sometimes it only takes one changed letter to steal your data.
- That your address, and only yours, is in the To field: not you along with other people, and not the sender’s own address with yours in Cc.
- Spelling errors: an email that is really from a bank or some other institution will not contain blatant spelling errors.
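For anyone who wants to automate the first two checks in a mail filter, they can be written as code. This is an added example, not part of the original article; the trusted domain, the addresses and the 0.85 similarity threshold are assumptions, and the sample message is constructed.

```python
import difflib
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the domains you really deal with (hypothetical value).
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed sample: one changed letter in the domain, recipient only in Cc.
SAMPLE = """\
From: "Example Bank" <support@examp1ebank.com>
To: support@examp1ebank.com
Cc: alice@example.org
Subject: Verify your account

Dear client, please confirm your details.
"""

def check_headers(raw_email, my_address, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for the sender and recipient checks."""
    msg = message_from_string(raw_email)
    warnings = []

    # Check 1: sender domain close to, but not equal to, a trusted domain.
    _, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2].lower()
    if domain not in trusted:
        for good in trusted:
            ratio = difflib.SequenceMatcher(None, domain, good).ratio()
            if ratio >= 0.85:
                warnings.append(f"lookalike sender domain: {domain} (expected {good})")

    # Check 2: the To field must hold my address and nothing else.
    to = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    cc = [addr.lower() for _, addr in getaddresses(msg.get_all("Cc", []))]
    me = my_address.lower()
    if to != [me]:
        if me in to:
            warnings.append("other recipients share the To field")
        elif me in cc:
            warnings.append("my address is only in Cc")
        else:
            warnings.append("my address is not in To")
    if sender and sender.lower() in to:
        warnings.append("sender addressed the mail to itself")
    return warnings

if __name__ == "__main__":
    print("\n".join(check_headers(SAMPLE, "alice@example.org")))
```

A message that passes these checks is not proven genuine; the remaining rules still apply.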
Rule no.2: Make sure the email is personalized and contains your name – no “Dear client,” no “Hello, Valued Customer.”
Rule no.3: Never click on a link or open attachments (even PDFs) you were not expecting to receive.
Rule no.4: Remember that banks & other institutions will never ask for your confidential info in an email. They might call you or send you a letter by post, but not an email.
Rule no.5: When in doubt, just DELETE!
If you have a feeling that the email is fake but can’t tell for sure, it is better to be safe than sorry: just delete it.
Rule no.6: Use different passwords
Never use the same password for most – or worse, all – of your accounts. If someone gets their hands on your credentials for one website, then they’ve got the key to all your online accounts. Ouch!
Rule no.7: Protect your connection
Especially on open WiFi networks, use a Keezel to create your own private hotspot and protect yourself from website spoofing attacks.