Gone Phishing!


Highlighting the modern curse of online scams and offering some simple protection advice.

Unfortunately we seem to be living in a time of cheats, liars and outright thieves, and that’s just our esteemed elected members and leaders! However, there’s another crew of would-be thieves out there who are clever, resourceful and remorseless – scammers. In this blog I aim to offer a little guidance on the different types and strategies aimed at emptying our bank accounts and some tips on spotting their fiendish tricks.

The trust of the innocent is the liar’s most useful tool

Stephen King, Author


Scammers seem to have excelled at the University of Cybercrime and have become very smart these days. Armed with tools like generative AI, they can easily replicate and mimic the branding, writing style and tone of trusted, legitimate companies.

Thankfully there are still some telltale signs that can help you identify a phishing attempt on your finances and I’ll go on to discuss these red flag signs. First though, we’ll look at the various phishing email types and strategies.

Phishing Email types

What is a phishing email? In simple terms it’s an online scam aiming to trick the vulnerable targeted recipients into providing sensitive information: personal ID details, login passwords, credit card numbers, etc.

Spear Phishing

Spammers use information harvested from social media or other sources to create personalised emails that appear legitimate and are designed to win your trust.

Pharming

Pharming is clever: it redirects users from trusted, legitimate websites to bogus ones to harvest the required personal and financial information. For example, an email arrives from your bank asking you to log in to your account via the provided link. No surprises in guessing that this link leads to an identical-looking fake banking site. Very naughty!

Clone Phishing

Clone phishing is quite common and works by creating a good, identical copy of a previously received email but with added nasty links or attachments. For example, the scammer may claim to be resending the email due to a failed delivery attempt or a requirement to update their records.

Whaling (who names these?)

A whaling attack is a form of spear phishing but focused on senior executives, CEOs and other high-profile targets. The aim is to steal sensitive company financial information and initiate fraudulent transactions.

Vishing (Voice Phishing)

Vishing, or voice phishing, is a bit different to the others mentioned: it uses old-school phone calls instead of emails to scam its targets. For example, you get a direct call claiming to be from your bank, stating that there has been suspicious activity on your account. The caller will then ask you to call back using the number provided, which of course… leads to a scammer.

Smishing (SMS Phishing)

Smishing is similar to phishing but uses SMS texts. Promising an enticing offer or similar, the message directs users to malicious websites or asks them to provide personal information via text.

There are two ingredients to deceit: a good bit of truth and a few little lies!

Billy Graham, American Evangelist

To increase your chances of being protected against such emails, look out for these five key indicators:

1. Suspicious Email Addresses

You’ve received an email that looks like it’s from a company you know, but on closer inspection the sender’s email address does not quite match. It could be a random name or subtle typos like “pay-pal.com”. Also, legitimate companies don’t use public domains like @outlook.com, @gmail.com or any other free email services. These details are clear indicators of a potential phishing attempt.

2. Grammar and Spelling Mistakes

Emails with grammar and spelling errors signal a potential scam attempt. Sentences with awkward phrasing are another good indicator. Real businesses are protective of their brand and understand that basic mistakes don’t make a good professional impression.

3. Unpersonalised Greetings

If an email starts with “Dear Customer” or some other vague generic term instead of your name, be alert: legitimate companies you do business with will have your name in their database. You’ll not be surprised to learn that this indicates the sender doesn’t actually know you.

4. Suspicious Links or Attachments

Be aware that an email with an attachment, perhaps claiming to be an invoice, receipt, or a “special offer”, may be a phishing attempt. Click on it accidentally, and you might be introducing malware to your computer. You can help protect yourself by checking the URL before clicking. Hover over any links to see where they’re really taking you. If the email says it’s from your bank but the link points to a domain unrelated to the bank’s actual URL, that’s a real red flag indicating all is not what it seems.

5. Personal Information Requests

You may receive an email like “We’ve noticed some suspicious activity on your account, for security, please confirm your password”. No genuine company will ask for sensitive information like passwords and credit card numbers via email. So no matter how official an email looks, remember: never reply with your personal information and only log into your account through their official website.
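For readers who triage a shared mailbox, here is how indicators 1, 3, 4 and 5 can be checked automatically. This is an added example, not part of the original post: the function names, the regular expressions, the `brand_domain` parameter and the sample message are all assumptions made for illustration, and indicator 2 (grammar) is left to a human reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "outlook.com"}  # the free services named in the post
GENERIC = re.compile(r"^\s*dear (customer|user|client|member)\b", re.I | re.M)
ASKS = re.compile(r"(confirm|verify|update)\b.{0,40}\b(password|card number|pin)\b", re.I | re.S)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"', re.I)

def host_matches(host, brand_domain):
    """True if host is brand_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def red_flags(raw, brand_domain):
    """Return the indicators that fire for one raw, single-part email.
    brand_domain is the domain you already know the company uses
    (an assumption supplied by the caller, e.g. from your own bookmarks)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in FREE_MAIL:
        flags.append("sender uses free mail service")
    elif not host_matches(sender_domain, brand_domain):
        flags.append("sender domain is not the brand's")
    if GENERIC.search(body):
        flags.append("generic greeting")
    if any(not host_matches(urlparse(h).hostname, brand_domain) for h in LINK.findall(body)):
        flags.append("link leads off the brand's domain")
    if ASKS.search(body):
        flags.append("asks for password or card details")
    return flags

# Constructed sample message; example.com stands in for the real company.
SAMPLE = """From: Example Bank <security@examp1e-bank.test>
Subject: Suspicious activity

Dear Customer,
We've noticed some suspicious activity on your account. For security,
please confirm your password at
<a href="http://login.examp1e-bank.test/verify">https://www.example.com/login</a>
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE, "example.com"):
        print("RED FLAG:", flag)
```

Note that the sample link displays the genuine address while pointing elsewhere, which is exactly what hovering over a link reveals.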

Life can be difficult enough without having to safely navigate around these criminal schemes, or should I say scheming criminals. My final bit of advice is easy to remember – Always STOP, THINK and CHECK before you act. Make it second nature. Stay safe out there folks! I’ll leave you with a little song…

You lie, steal, cheat and deceit
And trample people under your feet
Don’t you know it is wrong
To cheat a trying man?
The Clash, Wrong ‘Em Boyo Lyrics