Phishing is a cybercrime that is defined by a person or group of people contacting another individual via email, messengers, or phone calls to gather personal information, passwords, or credit card details. Upon collecting the required data, the scammers might hack into a person’s social media accounts to demand money from their friends, while pretending to be them. If they get hold of credit card details, a victim’s money will be most certainly stolen.
What does phishing mean?
The word “phishing” is rather unusual, right? “Phish” is pronounced just like the word "fish". It’s the analogy of an angler throwing a baited hook (the phishing email) and hoping someone will bite on it.
If we look for a “phishing definition”, we’ll find out that the term was coined in the 1990s. Hackers of those times tried to trick AOL users into providing their login information. The fishing metaphor appeared to be fitting and the "ph" was used as part of a whimsical hacker spelling. And so the term was established in the online community.
What is a phishing site?
Essentially, a phishing site is an imitation of a legitimate website that will collect and use your passwords and card details if you enter them while on the website. In this way, you’re giving up this information to a scammer.
You can tell a site like that from the original by comparing the URLs. The criminals will choose an address that is extremely similar to the initial website, but it will differ either by the domain or by a few letters in the name.
How does phishing work?
First, you get a message that contains a link to a phishing site used to get your private data. Such links can be disguised in emails, newsletters, SMS, social media posts, messengers, and ads that you can click on accidentally. The fraudsters hope you’ll follow the link and leave you personal or financial information there. After the criminals collect it, they can sell this information or use it to steal your money.
For example, you can get an email that is seemingly from your bank and that asks you to click on a link to prevent money from being stolen. You should stay cautious even if the HTML link in the message looks exactly like the real address of the bank. There are plenty of ways to conceal a redirection to a different website in a link. Do not click on it—instead, call your bank or use its official website to ask for help.
Otherwise, you might come across websites with aggressive adverts that ask you to subscribe to a newsletter in return to countless rewards. You should be suspicious and check what kind of website it is. Can you trust it?
What is a phishing attack?
A phishing attack is mass distribution of emails and messages or pop-up ads that force you to go to a questionable website by provoking strong emotions. It doesn’t cost a lot to buy online advertising and mailing services, so scammers invest in them to profit from naive people.
How do you tell that it’s a phishing scam? There are several popular schemes that you should know of:
- Someone is trying to access your account! Don’t rush and buy into it if you get a message saying that your social media account has been hacked into. It’s likely to urge you to click on a link to confirm your login details—this might be an attempt to steal your password. Check what email address the notification was sent from and don’t click on the link—type it into the search bar yourself. Scammers buy email databases for mass mailing even though it’s considered a criminal offense.
- Pop-up ads. When you pay for your shopping online, watch out for pop-up ads that may try to steal your card details. We recommend installing an extension that blocks pop-ups or getting specialized software that counteracts phishing attacks.
- Fake charities. Scammers often play the pity game and pretend to be charities asking you for donations. Before you decide to send money to an organization, check if it’s a real company and make sure that it’s not an imposter that steals money from the real charity.
- Extra special bundle deals in online shops. You must have come across a phishing shop whose landing page would call you to buy a limited amount of expensive clothes with an impossibly good deal—a website like that is almost certainly a fraud. Sites that copy real online marketplaces and lower the prices will ask you to complete authentication and enter card information before the purchase. Don’t go ahead and fill out the forms—you might lose all of your money.
- Congratulations, you won a lot of money! If you get a message about a fantastic giveaway or lottery that you’ve never taken part in, don’t open it and click on links that it contains—curiosity killed the cat.
How to prevent phishing
To avoid becoming a phishing victim, think critically about any information on the internet. Don’t trust suspicious lotteries, games, and emails. Don’t open attachments and links if you’re not sure about their safety. Protect your computer with antivirus software and ad tracking blocker.
If you receive an email from one of your contacts, but something about it seems off, contact the person that it came from to find out if their account has been hacked. Keep your passwords in a secure location and don’t use the same password for all of your accounts. Make sure your login details are not easy to guess and change them regularly. Many websites and devices have the option of two-step authentication which makes data theft far more complicated.
Stay alert when you enter your card details online. Make sure that the website you’re making the payment on has the secure https connection—it can be recognized by the padlock symbol in the search bar. You can look at the security certificate if you click on it. Don’t give passwords and other private information by phone, even if the caller introduced themselves as a bank employee.
Avoid using public Wi-Fi, especially to enter passwords and pay for goods—it’s easy for scammers to capture this information if the internet connection is not secure.
What to do if you responded to a phishing email
If you’ve accidentally entered your details on a questionable website, you should instantly change your login and password. You can tell that something is wrong if you can’t access the website after you enter the information. Ideally, you should install an antivirus and let it check your computer for signs of intrusion. Clear your browser history and be careful in the future.
If you think that criminals have access to your credit card, contact your bank to block it.
If you see signs of someone using your personal information to impersonate you, then follow the steps in this identity theft prevention checklist.
What to do if you suspect a phishing attack
Even if you experience panic, refrain from disclosing your personal information and do not participate in questionable lotteries. Don’t install software whose reliability and legitimacy you’re not sure about. Don’t transfer money to strange charities and vendors on the internet in an attempt to save money as it might get stolen.
If you get an email that causes you to experience intense emotions, don’t rush to do anything dramatic or follow any links. Stay centered and sort through your messages—hurry and fear are the most powerful tools for scammers. They aim to disorient you so that you lose track of what’s going on.
In case you need to clarify information about the transactions on your bank account, call your provider’s hotline—it can be found on your credit card.
How to report phishing
If you get an email from a familiar organization, but you’re not sure about its authenticity, find the company’s official contact details on the internet and inform them about your situation. Banks and government officials always prioritize the safety of their users—you can count on them doing everything in their power to make sure your data is secure.
What is a common reason for phishing attacks?
Phishing attacks are a profitable business. Scammers can spend a very small amount of money to create an imposter website, a fake ad, or a malicious email, but the return of investment can be measured in thousands of dollars.
Can you go to jail for phishing?
Phishing is considered a cybercrime and is therefore prosecuted in many countries. Even if the crime is committed in a foreign country, there are multiple agreements between the world’s governments to reinforce international cybersecurity that prevents criminals from escaping the law.
Some places hold people accountable for their crimes starting from 14 years of age. Depending on the severity of the felony, it can be punished either by financial compensation or a long period of imprisonment.