What is phishing and how does it work?

Jun 2019

Messages asking you to "confirm" or "verify" your personal or financial details are a common lure used by criminals. Don't get hooked. Here's what you should do....

You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way – people open the doors to their personal data, giving up login details, passwords or even payment details to malicious e-mails, links or websites designed to look like they’re authentic. That information can then be used to commit fraud and cyber crime.

Holy Mackerel – Phishing is a huge problem.

Phishing attacks are a common security challenge that both individuals and companies across the UK face on a regular basis. Verizon’s 2018 ‘Data Breach Investigations Report’ showed that more than 90% of all malware is still delivered to victims via email. Between April 2018 and March 2019, social media and email account compromises were the most reported form of cyber crime to Action Fraud with victims losing a combined total of £19m – our analysis shows that phishing emails were a common enabler for these compromises. That’s why this National Fish and Chip Day (7th June) we’re working with police forces across the UK, Government departments and industry partners to deliver a national campaign on how people can protect themselves from phishing.

Always take five and mullet over. Your money depends on it.

Some of the most reported scams to Action Fraud start with an unsolicited text, email or call. From emails and text messages asking you to “verify” account details to cold callers claiming to be from your bank, the goal of a phishing attack is usually the same, to trick you into revealing personal and financial information.

Criminals are constantly evolving the tactics they use to carry out these phishing attacks, which is why it’s sometimes difficult for people to know what to look out for.  We’ve got some simple advice that can help you protect yourself from most phishing attacks – don’t click on the links or attachments in suspicious emails, and never respond to unsolicited messages and calls that ask for your personal or financial details. If you think the communication might be genuine, then contact the company directly using contact details you know to be correct, such as the phone number on official correspondence, and not the contact information  provided in the message.

For more simple tips on how to protect yourself online, visit cyberaware.gov.uk. If you have been a victim of fraud or cyber crime, report it to Action Fraud at actionfraud.police.uk.