In 2013, most of us are now aware of the online threat known as 'phishing', where cyber criminals use various techniques to gain access to your email or social media accounts or, worse, get hold of your bank account or credit card details.
However, you might not realise that phishing has evolved. Criminals now use increasingly sophisticated con tricks and scare tactics to dupe unsuspecting victims into handing over their sensitive data.
These days, phishing emails are less likely to come from fictitious foreign royalty and more likely to come from one of your social media connections or a trusted business contact – at least, that’s who the email will appear to come from
In reality, the sender will be a skilled confidence trickster prepared to spend time and effort slowly reeling you in.
Last year, the German Federal Court ruled that where people had fallen for phishing scams that appeared to originate from their banks, the victims were responsible for the losses, rather than the banks. This ruling may set an international precedent, which means protecting yourself against phishing could become even more important.
Here are my top three tips to avoid being hooked:
1. Slow down and don’t panic
A common technique among phishing emails is to try to panic you into a kneejerk reaction.
For example, you may receive an official-looking email telling you that one of your online accounts has been compromised and urging you to update your password via a link provided.
Or you might be told your computer has a virus and that you need to download a new piece of software to repair it.
Don’t bite – these are very likely to be phishing scams.
Most reputable companies will never send emails asking for sensitive information such usernames, passwords, National Insurance numbers, bank or credit card details.
In the digital age, we’ve become accustomed to doing things quickly, often in a couple of clicks. A key to avoiding phishing is to slow things down.
If you receive an email that alarms you for any reason, treat it as highly suspicious and, above all, don’t click any links it contains.
2. Go direct
Many phishing emails link to spoof websites that are practically identical to the real sites they are trying to mimic, such as your bank.
Some of these sites will collect your login information and then do nothing (alerting you to a problem) but others will link you back to the genuine site, covering their tracks.
If you receive an email containing a link, hover over it without clicking to reveal the web address that it will take you to.
If it contains long strings of numbers or looks different from the usual web address of the sender (e.g. if ‘Twitter’ is spelled ‘Tvvittler’), it’s dodgy. Note the address, then contact the company involved directly to find out if the email is genuine or not.
However, be aware it's not always easy to spot dubious links. It's always safer to type in the correct website address manually, then sign in yourself.
3. Don’t be over-social
The rise of social networking has been a gift to cyber criminals. Most social network users willingly share masses of personal information on their public profiles. This often includes the names of spouses and children or family birthdays.
Unfortunately, the same people often use this information as the basis of their passwords. Scammers can also use this information to impersonate a trusted contact via an online message or email.
If you use social media, check your account settings to ensure your personal information can only be viewed by those in your network or, better still, be sensible about the information you post in the first place.
Also, never use the same password on multiple online accounts. Use a strong, unique password for each, protecting against a domino-effect where one account after another is hacked using the same password
Norman Begg works for online security company my1login.