Phishing is a type of cyberattack that involves sending deceptive and fraudulent communications that appear to be from legitimate and trustworthy sources through emails, text messages, and phone calls to trick victims. Usually, phishing scams aim to steal money, obtain sensitive information or passwords, or put harmful software on the victim’s computer.
Examples of phishing scams include:
Email Phishing
This attack is an effort to fraudulently obtain important information by sending an email that looks like it’s from a reputable organisation. Email phishing always targets a large number of people. Therefore, it is not always personalised and can be sent to millions of recipients.
Spear phishing
Spear phishing is similar to email phishing. However, spear phishing involves highly targeted and personalised messages. An example of spear phishing is when an employee receives an email from scammers posing as their boss, asking them to transfer funds to a specific account.
Smishing
In smishing, scammers use text messages to send malicious links or instructions to call a specific number. These messages always claim to be from political or government agencies, and sometimes banks.
Voice phishing
Voice phishing happens when a caller pretends to be from tech help, a government group, or any other organisation. They aim to get personal information like bank or credit card details.
Malware phishing
In malware phishing, targets are enticed to click a link or download a file so that malware can be downloaded and installed on their device.
Dangers of Phishing Scams
Phishing scams could result in many undesirable outcomes for both individuals and businesses. Some dangers of phishing scams include:
Direct financial loss
Victims of a phishing scam could lose money to unauthorised transactions or fraudulent purchases.
Identity theft
Scammers can use the credit card numbers or other personal information of individuals to commit fraud, which can lead to long-term financial or legal issues.
The reputation damage of businesses
Businesses that have been the target of phishing attacks may lose customers’ trust and suffer reputational damage.
Loss of data
Data loss is the most significant effect of phishing attacks. By clicking on a malicious link in an email, a hacker can gain access to a company’s data and systems and engage in various criminal activities.
Intellectual property theft
Companies can lose trade secrets, new technologies, and investments put into research and development to phishing scams.
What to Do if You Find a Phishing Email
Here is what to do if you find a phishing email:
- Do not click on links or download attachments in a suspicious email or if you are not sure the mail is genuine. To confirm if an email from an organisation is legitimate, call the organisation using a phone number on the organisation’s official website.
- If a suspicious email seems to be from someone you know, get in touch with them using another channel, like a text message or phone call, to confirm it.
- Report a phishing email by forwarding it to report@phishing.gov.uk so that the National Cyber Security Centre (NCSC) can investigate it. If a forwarded email does not get to you because a spam detection service has already identified it as such, take a screenshot of the email and send it to the National Cyber Security Centre.
- Delete the email if you are certain it is a scam.