Phishing is a cybercrime in which a victim is contacted by email, telephone, text message or social media by someone posing as a legitimate contact or company, such as Fetch or iProspect.
The aim is to trick the victim into disclosing confidential information or performing an action that can be used to defraud them.
This could include obtaining confidential information through social engineering, clicking on malicious links that lead the victim to a fake website or service that captures sensitive information when entered or malicious attachments that infect the victim’s device to steal information.
Urgent Call to Action – Scams are often laced with a sense of urgency to fluster you into acting impulsively.
Deceptive Links – Phishing emails may contain a malicious link disguised as something harmless. Hover over the link without clicking to reveal its true origin.
Attachments – Beware of attachments within emails. Once you click to open it, the damage may already have been done. If you weren’t expecting the email, don’t open it.
Misleading Sender – Do you know the sender? Are you a customer of the company they are claiming to be from? Is the company name slightly different? Are you asked to contact a generic email, not associated with the company? It is common for phishers to use fake websites that look the same and have a similar domain name and may direct you to submit personal information to a Hotmail or gmail they created for their scam.
Generic Greeting – Be suspicious of generic greeting such as ‘Dear Customer’. If the
message is for you, it will usually be addressed using your name.
Be Cautious of Personalisation – Be cautious of tailored or personal scams addressed directly to you. Hackers can easily gather your information and attack you directly if they want to.
Poor Spelling and Grammar – Phishing campaigns often rely on quantity, not quality. Poor spelling and grammar reflect a lack of quality control so be vigilant.
If you see anything suspicious on social media or messaging applications, report it directly to the platforms immediately. These platforms have built in reporting for fraudulent and abusive content.