We understand that the world wide web is a big, scary thing for most people, so each month we’ll try to take a word, acronym or phrase and explain to you in simple, ‘non-techie’ terms what it all means. This is DBG’s Digital Definition of the Month!
So what is Phishing?
Pronounced just like the word ‘fishing’, phishing is actually the act of trying to get hold of sensitive information via an electronic communication by pretending to be a reputable company. This sensitive information may include your passwords, credit card details, or even your date of birth.
Phishing messages are also often sent to spread viruses that install malware onto your computer, usually designed to either steal passwords or lock the user out of their computer until a ransom is paid. We’ve recently seen an example of this in the UK where hundreds of thousands of people were exposed to the ‘Peter Pan Virus’.
It’s highly likely that you’ve all seen potential phishing emails before from a bank or financial institution, as these are the most popular. Here is an example phishing message received by a DBG team member:
Now the very helpful red message from Outlook immediately warns us that this may be a phishing message, which is great, but let’s pretend you don’t have this sort of message. What other things can you look for to identify a potential phishing message?
- Look at the purple box towards the top – already we can see that the email was sent from firstname.lastname@example.org – the ‘k’ at the end of the address isn’t right.
- Directly beneath that in the blue box we can see the email subject, which is ‘Dear PayPaL Customer’. Referring to the PayPal logo within the email, we can see that there is no capital L at the end of their business name. More alarm bells should be ringing by now!
- In the middle of the email, there is a button asking the recipient to click to confirm. When the link is hovered over (without clicking!), the link that shows is something strange and doesn’t look legitimate.
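
For readers who want to see the three checks above applied automatically, the following Python is an added example and not part of the original article. The sample email is constructed for illustration, and treating paypal.com as the only trusted domain is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND, TRUSTED = "PayPal", "paypal.com"  # assumption: the brand and its real domain

# Constructed sample message (not the email shown in the article).
SAMPLE = """\
From: PayPal <service@paypal-accounts.example>
Subject: Dear PayPaL Customer
Content-Type: text/html; charset="utf-8"

<p>Your account is limited.</p>
<a href="http://confirm-account.example/login">Click to confirm</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real destination (href) behind every link or button."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    # True only for the domain itself or a subdomain; look-alikes fail.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw):
    msg, signs = message_from_string(raw), []
    # Check 1: does the sender's address really end in the trusted domain?
    sender = parseaddr(msg.get("From", ""))[1]
    if not belongs_to(sender.rpartition("@")[2], TRUSTED):
        signs.append(f"sender domain: {sender}")
    # Check 2: is the brand name written with the wrong capital letters?
    for word in re.findall(BRAND, msg.get("Subject", ""), flags=re.I):
        if word != BRAND:
            signs.append(f"brand misspelt in subject: {word}")
    # Check 3: where do the links actually go (what hovering would show)?
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in collector.hrefs:
        if not belongs_to(urlsplit(href).hostname, TRUSTED):
            signs.append(f"link leaves {TRUSTED}: {href}")
    return signs
```

Calling `phishing_signs(SAMPLE)` returns one warning per check. A message that passes all three is not proven safe, so the advice below still applies.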
If you are ever in doubt as to whether or not you’ve received a phishing email, it is always best not to click on anything in the email and instead either log into the website directly, or even call the company directly to see if there is anything that needs your attention.