Online Support Computing Ltd

Tips & Tricks: How to Avoid a Phishing scam

Tips & Tricks: How to Avoid a Phishing scam

Use our Tips & Tricks to improve your efficiency! Our aim is to keep them relevant, concise & accurate.

We’re back with our first Tips & Tricks blog in a while, so we hope you like it.  This time it’s about the dark side of the internet and how you can prevent comprimising your data or losing your account – with a lesson about Phishing.  And no, you don’t need a rod.  

So what is phishing? Phishing is a type of scam, where you will recieve a message (usually either via social media or email) requesting you to action something online.  This could be a spoofed banking email, or SPAM leading you to a ‘nasty blog post about you’.  There isn’t really a ‘nasty blog’ – the idea is to create a sense of panic in the user, so that you won’t risk ignoring it.

How does it work?

Usually, they’ll send a link in their email and encourage you to follow it.  They might be telling you to enable online banking by entering your details on the website or they might send you a link telling you there are images of you posted there.  The idea is, you’ll follow the link, and it will take you to a very real looking login page.  These will be spoofs of trustworthy login pages, for internet banking, email accounts or others.

See if you can spot the difference below (answers at the bottom) – real or fake?

Lloyds Internet Banking

1.

2.

Outlook Web App Login

1.

2.

Gmail Login

1.

2.

Once you enter your details, whoever is running the phishing scam will have the details of your account and can use them to send out spam, or for anything else they might want to.  The most terrifying thing about this scam is that often victims will be totally oblivious.

How to avoid a Phishing scam:

When it comes to how to avoid a phishing scam, a lot depends on whether you are looking for the tell-tale signs.  Luckily, there are a few giveaways.

Sometimes you can tell by the title of the site displayed in the tabs in your browser.  However, as you can see in the picture above, I have the real sites open and the phishing sites open and they look identical.  What then? Well, you should look at the url.  That will nearly always look completely different from the real one.

Above is the URL for the gmail phishing scam pictured above.  As you can see, it looks pretty different to any google web address.  Sometimes though, the scammer will look to spoof the URL for the site they’re copying.  Twitter has been spoofed the most, with sites like https://twitwer.com/ and https://twittersupport.co/ claiming a fair few victims.  So if you’re still unsure after looking at the URL, you’ll need to look at the email closely again.  Banks will often include information such as your postcode at the top of their emails to let you know it’s really from them.  They also won’t ever contact you via email to verify information.

You should always compare it to a legitimate email you have recieved from the same company to see whether they have the same formatting.  If you’re still unsure, you should just contact the supposed sender to verify its legitimacy.  It’s better to be safe than sorry, and often they will provide you with useful informaition regarding how to avoid a phishing scam targeting their customers.

What to do when you have been phished:

If you’re unlucky enough to have been a victim of a phishing scam, you’ll need to reset your password for whichever account was attacked.  You’ll know if you’ve been a victim of one of these scams if your account is being used to send spam to other users (often it will be the same spam message you were originally sent).  Changing your passwords every now and again is a healthy thing to do anyway, but make sure your password is memorable.  It’s also good to remember that if you use the same passwords for every account you have, you may end up comprimising all your accounts – not wise.  If you’re unsure on how to keep your password secure, read our guide here – How secure is my password?

We offer email checks to all our customers – so if you’re don’t want your business to be attacked by phishing scammers, contact us or give us a call on 0208 232 1190.

Answers to the quiz (courtesy of www.phishtank.com)

  • Lloyds Online Banking: Well done if you got this – Number 1 is the real page.  If you got could tell just by looking at the picture, I salute you!
  • Outlook Web App: There is a slight difference, but if you’re not using the page every day, you simply wouldn’t notice.  Number 2 is the real page and Number 1 is the phishing page.
  • Gmail Login: I’ve spent ages looking at this, and I’m sure it’s identical.  But Number 1 is the real page.