Phishing attacks and how to prevent them


Phishing is the crime of deceiving people into sharing sensitive information like passwords and credit card numbers. Victims receive an email or a text message that imitates (or “spoofs”) a person or organisation they trust.  When victims opens the email or text, they find a message meant to fill them with fear. The message demands that the victim go to a website and take immediate action or risk some sort of consequence. 

If users take the bait and click the link, they will be sent to an imitation of a legitimate website. From here, they are asked to log in with their username and password credentials. If they do so, the sign-on information goes to the attacker, who uses it to steal identities, pilfer bank accounts, sell personal information on the black market, etc.

A little discipline and some common sense will go a long way to identifying a phishing attack. Here are some things to look out for :

  • The email makes an offer that sounds too good to be true. It might say you have won the Lotto or an expensive prize.

  • You recognise the sender, but it is someone you normally don’t communicate with.  

  • The message sounds scary and may contain alarmist language to create a sense of urgency, exhorting you to click and “act now”, for example, before your account is terminated.

  • The message contains unexpected or unusual attachments. These attachments may contain malware, ransomware, or another online threat.

  • The message contains links that look a little strange. Hover your cursor over the link to see the actual URL. Be especially on the lookout for subtle misspellings in an otherwise familiar-looking website. It is always better to directly type in the URL yourself rather than clicking on the embedded link.

While most Internet browsers have ways to check if a link is safe, the first line of defence against phishing is your own judgement. Some simple guidelines will also help :

  • Don't open e-mails from senders you are not familiar with.

  • Don't ever click on a link inside of an e-mail unless you know exactly where it is going.

  • If you get an e-mail from a source you are unsure of, navigate to the provided link manually by entering the legitimate website address into your browser.

  • Look out for the digital certificate of a website.

  • If you are asked to provide sensitive information, check that the URL of the page starts with “HTTPS” instead of just “HTTP.” The “S” stands for “secure.” It is not a guarantee that a site is legitimate, but most legitimate sites use HTTPS because it is more secure. HTTP sites, even legitimate ones, are vulnerable to hackers. 

  • If you suspect an e-mail is not legitimate, take a name or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods.

  • Hover over the link to see if it is a legitimate link.

And above all we recommend using some sort of anti-malware security