How to avoid being “phished”

We began writing articles warning of the perils of phishing (emails that appear to be from reputable organisations and collect personal and confidential information from unwary users) in our newsletters over ten years ago, but in recent times the issue has come to light again.

As we reported then, a typical phishing scam will be an email claiming to come from a bank, commercial business or other organisation. Such emails typically ask you to provide information that the organisation should know already, so be wary of responding to them or clicking on the links in them. It is strongly recommended you delete these emails. Such an email may ask you to click on a link to confirm your account details, or complete a survey to receive a gift voucher. By clicking on these links and entering your information, you may actually be sharing the information with others you do not wish to share it with.

It is important to understand that phishing emails use fraudulent email accounts to make you access their websites and provide your confidential data to them. Most times, the website and email address are fake and, when picked up by authorities, they are blacklisted and removed from the internet. However, sometimes this may take a while to occur. In these cases, there are some rules you should follow if you receive such an email:

  1. Be cautious when opening emails, even if they appear to be from someone you know. Most importantly, do not click on any links or open any attachments. A virus infection might occur if you do this.
  2. Check the email for bad spelling, grammar errors or strange formatting.
  3. Contact the bank itself to see if it actually issued the request to update your details.
  4. Forward the email to the “abuse” account for your Internet Service Provider (ISP). They will often have the means to blacklist the address or advise the police if necessary. However, do not forward it to your friends or colleagues, even if it is just a warning.
  5. Ensure you have internet security software installed and keep it updated.

Our advice is that you never respond to such an email, and that you confirm with the organisation that it is fraudulent and then delete it. Most organisations would not request such personal information from their clients over the internet.

If you are unsure whether or not an email you have received is actually genuine, contact the organisation by phone or visit their website. Do not use the details provided in the email itself; look up the correct details in the phone book or visit their website.

To help you become aware of phishing emails, here are some samples:

[Images: sample phishing emails claiming to be from PayPal, Apple, Westpac and Telstra]

If you are in any doubt, even if you recognise the organisation or do deal with them, it is recommended that you do not open the file and delete it immediately. If you feel you have been compromised, call the organisation to ensure that you are protected.

In addition to phishing emails, another ploy is the Microsoft phone scam. If a caller purporting to be from Microsoft advises you of issues with your computer, it is important not to allow them to take control of your computer. These calls are hoaxes. Microsoft has released an article advising how to avoid the phone scams, which can be found on the Microsoft Security website.

For more advice and support, please contact us to enlist our Support computer solution to help remove these threats, and Training computer solution to help you understand and prevent such issues occurring in your organisation.