How to Identify a Phishing Attack When Browsing Online

Phishing warning” (CC BY-SA 2.0) by Christiaan Colen

No, phishing isn’t just an unfortunate spelling mistake for that popular angling pastime, it’s a genuine threat to businesses and consumers. In 2016, the number of phishing attacks carried out by cybercriminals soared by a whopping 400% and the trend progressed further still last year. Phishing is a particularly dangerous form of cybercrime, as you can unwittingly give out sensitive information about you and your finances at the touch of a button.

What is a phishing attack?

Phishing is considered a social engineering attack, which sees cybercriminals attempt to dupe individuals into giving out personal data, from login credentials to credit or debit card details. The most common type of phishing attack sees attackers masquerade as a trusted organization, resulting in individuals opening malicious emails or landing pages, where they’re then requested for their credentials for the cybercriminal to steal or even made to inadvertently install malware which can steal sensitive information. The impact of a phishing attack can be devastating, from the stealing of personal funds to identity theft.

Pound coins” (CC BY-ND 2.0) by J D Mack

In the UK, a group of cyberhackers almost got away with phishing £60 million from unsuspecting consumers in 2013, creating thousands of fake banking websites to pinch user login credentials to online banking portals.

Top tips for spotting a phishing attack or scam

  • Double and triple check URLs before clicking them
    If someone sends you a URL via an email, instant message or social media post, always make sure you review the URL destination before clicking it, even if you know the person. If you hover over the URL, your web browser will display the destination of the link at the bottom of the screen. Fake or phishing links tend to replicate URLs of established websites, but often include unnecessary words and characters that stick out like a sore thumb once you know what to look for!
  • Are you aware of the source of the link?
    Are you familiar with the individual or organization that sent the link in the first place? Even if you have a hint of doubt about the sender, don’t click the link, it’s that simple. Phishers will do their best to present themselves as convincing, such as a work colleague or friend, so make sure to question everything online; even if it appears safe at first glance. If you want to access that organization’s website, just type the URL into your web browser yourself.
  • Does the email or landing page have a trust seal?
    The majority of legitimate websites will display a trust seal, which is a badge issued by a third-party security firm confirming a URL’s trust score or high levels of encryption. These will usually be visible in the top left corner of your web browser, next to your address bar.
  • Check for SSL certificates on landing pages
    Websites that offer the highest levels of encryption for consumers will also display an SSL or TLS certificate next to your browser’s address bar. This is another important piece of confirmation that the identity of the website is valid and that it’s safe to browse the landing page.

Organizations are increasingly ramping up their investment in cyber security against phishing attacks. Two-factor authentication is a very effective method to make sure that even if your credentials are stolen, cybercriminals can still not access your accounts, incorporating an additional layer of verification to log in, making it virtually impossible for accounts to be compromised. By staying aware of the threats of phishing, you’ll be able to protect your sensitive accounts and information.