Phishing

Fraudulent attempts at getting you to divulge private information via messages sent to your computer, tablet or smartphone are called phishing. It’s a play on the word fishing, and pronounced the same.

Phishing has traditionally been associated with email, but the growth in smartphone use has led to scammers also using text messages and services like WhatsApp.

Examples

Phishing can take various forms. These are just some examples:

There are a few things you can check to help determine the authenticity of an email, text or other electronic message.

Check the spelling and grammar

A scammer may not speak your language very well, and this can work in your favour: bad spelling or unusual grammar are common signs that a message is bogus. Sometimes you’ll see particularly complex or unusual phrases, which are a sign that the message has been translated automatically.

In the heat of the moment it can be easy to miss, but the wording of a message is often the most visible clue that it’s fraudulent. So, when in doubt, take your time.

Of course, some scammers will write perfectly in your native language; and conversely, a genuine sender might make a mistake! So, there’s no definitive rule here.

Check the From address

This applies only to email. Consider that an email includes a To address, From address, sender name, subject and body.

The From address is of particular interest, but many email apps hide it to begin with, showing only the sender name. The name is not helpful in determining the authenticity of an email, because it can be anything the sender chooses. So, learn where to find the From address in your email software — often by resting the mouse cursor over the sender name, or clicking or tapping it.

An unusual From address is usually a clear giveaway of a fraudulent email. For example, an email from eBay is almost certainly going to come from an address ending in ebay.com or a local equivalent like ebay.co.uk. If the From address shows otherwise, there’s a good chance the message is bogus.

Sadly, the reverse is not true. Because ‘spoofing’ is possible, you cannot be certain that (for example) an email showing a From address ending in paypal.com really is from PayPal. That said, technological measures to combat spoofing have made the practice less worthwhile for scammers — good email providers are now highly likely to filter such messages as junk.

Check where links take you

To complete the scam, phishing messages typically include a link to a web page on which you are asked to enter the information the scammer desires. In other words, being the victim of a phishing scam actually requires you to be tricked twice: first into believing a fake message is genuine, and second into giving away private information.

Consider, then, that it doesn’t matter if you ‘fall for’ a fake message if you’re able to back out at the stage where you realise the resulting web page is fake. The email might have been perfectly written, and you might have missed the slight misspelling in the From address, but now that you’ve clicked the link you can make arguably the most reliable check of all: the address displayed in your browser.
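The From address check and the link check above can both be automated. The following Python sketch is an added example, not part of the original article. The EXPECTED list, the function names and the sample addresses are assumptions made for illustration. It compares whole dot-separated parts of the domain, because a plain "ends in ebay.com" test would also accept notebay.com.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains you expect this sender to use. The eBay entries
# come from the text above; keep your own list for real use.
EXPECTED = {"ebay": ("ebay.com", "ebay.co.uk")}


def host_matches(host, expected_domains):
    """True if host is an expected domain or a subdomain of one.

    Matching is on whole dot-separated labels, so "notebay.com" and
    "ebay.com.example.net" do not count as ending in "ebay.com".
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected_domains)


def from_domain(from_header):
    """Return the domain of the From address, ignoring the sender name."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2]


def link_host(url):
    """Return the host a link points at (what the browser address shows)."""
    return urlsplit(url).hostname or ""


def check_message(brand, from_header, links):
    """List the reasons a message claiming to be from `brand` looks wrong."""
    expected = EXPECTED[brand]
    problems = []
    domain = from_domain(from_header)
    if not host_matches(domain, expected):
        problems.append(f"From address domain is {domain!r}")
    for url in links:
        host = link_host(url)
        if not host_matches(host, expected):
            problems.append(f"link goes to {host!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real message.
    print(check_message("ebay",
                        '"eBay Support" <support@ebay.com.example.net>',
                        ["https://ebay.com.example.net/signin"]))
```

An empty result only means nothing looked wrong: because of spoofing, a matching From address does not prove the message is genuine.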

Visit the website directly

If you’re still in doubt, a foolproof option is to ignore the link in the suspect message and make your own way to the website in question. If you really have been sent that money on PayPal or tagged in that Facebook photo, you can find out directly — bypassing the possibility of a scammer leading you astray.

As a bonus, bookmark important sites to ensure you never end up on fake versions of the same.