One of the most common ways that criminals access personal information is by tricking people into clicking on what appear to be innocuous links or attachments in emails.
If you get unexpected messages from your bank asking you to follow a link and log into your account, don’t follow the link. Type the address of the bank’s website into the address bar in your browser and log in that way. It’s always a good idea to ring your bank to confirm that a message (email, SMS) you think might be suspicious has indeed come from them.
You can also do a bit of checking of your own. If you’re suspicious of a link you’re encouraged to click on, whether on a website or in an email, hover over the link until the URL displays in the bottom-left corner of your browser window. Right-click on the link and select ‘Copy Link Location’ from the dropdown. Go to urlvoid.com or Sucuri SiteCheck and paste the suspicious link in there. These free services can’t possibly be completely accurate but they’ll certainly help to give you an indication if something is up.
A Few Rules
As a general rule of thumb, don’t click on anything that feels even slightly wrong.
If a site or service sends you your password in an email, this means they are storing your details in plain text. Stop using that service immediately.
+ Phishing, Wikipedia
+ ’10 Ways to Avoid Phishing Scams’, phishing.org
Irish readers might be familiar with a recent high profile case, namely the Meath County Council ‘CEO fraud’ of December 2016. A sophisticated cyberattack, said the headlines. A “serious, attempted cyber-enabled offence” said Meath County Council. No, it wasn’t. It was a very straightforward and old-fashioned bit of trickery using digital means. Fooling someone into thinking you’re not who you say you are is how scammers have worked since scammers first started scamming. Karlin Lillington gives it some properly sceptical coverage here.