You’ve probably heard the term ‘phishing attack’ but may not be familiar with what these attacks are, how they work or why they would even affect you. The truth is, phishing attacks, which target individuals’ email addresses or phone numbers, are increasing in South Africa, and it is up to you as the recipient of a phishing email to recognize it and act accordingly.
Don’t fall victim to one, because it can cause a lot of stress and trouble if you are caught out. It pays to be savvy and to pass the information on to friends and family, particularly older members of your family who may not know about phishing emails.
Don’t think a phishing attack could happen to you?
We are used to being pestered by outside companies who have our details and want to sell us things – many of these are reputable companies that simply want to earn more customers. So it might not seem that strange to you when you receive a text from a company you have previously shopped with.
Occasionally, though, hackers manage to get hold of details and act as if they are the reputable company, convincing customers or recipients to part with money. These emails or text messages can be very convincing. Don’t think it would ever happen to you? Well, according to a 2015 Columinate Internet Banking SITEisfaction survey, 55% of online banking customers had been targeted by fraud, while 12% incurred financial losses due to criminal activity. Many people, even techie-smart people, have been caught unawares because hackers are simply so good at convincing you that they are a legitimate company.
Spotting a phishing email
Microsoft says that the main things to look out for are:
- Messages and threats of account closures
- Promises of money for little or no effort
- Deals that sound too good to be true
- A hyperlinked URL to ‘log in’ to your account which takes you to a hacker site
- Bad grammar or sentences that make no sense
However, despite these warning signs, hackers are becoming more sophisticated in how they convince customers of their legitimacy. The email may contain accurate logos and ‘sound’ convincing with industry terminology. Also, the mail may be sent from a seemingly legitimate email address – “firstname.lastname@example.org”, for example. You may not have any reason to doubt the validity of the email, so scrutinize it carefully and thoroughly.
You need to think carefully before responding directly to any of these emails. Many reputable companies know the threat of a phishing attack and so have dedicated hotlines set up in case it ever happens to them.
This kind of damage control is reassuring for their customers, who can simply call them directly and discuss what they have received and what they did next.
Wonga ZA, for instance, recently experienced a phishing scam where hackers targeted customers of the loan company to tell them about a new ‘too good to be true’ deal. They asked for a fee up front, which was a clue to many customers that this wasn’t the real Wonga.
Customers who suspected fraud were able to contact a dedicated number and speak to the real Wonga brand, who quickly confirmed that this was an attack and that they should not respond to the text or email that they had received. Wonga were then able to quickly disarm this attack and shut down the hackers.
Wonga ZA also recently published information on their website to say that Wonga would never “send any unsolicited direct marketing, either through Facebook, SMS or email, to any customers. All email communication from us will always come from an @wonga.com email address.” They continue to update their customers so they are always kept in the loop about any suspected attacks.
Other companies, like Apple, Amazon, and Google, have also set up similar damage control strategies; they all understand the threat that phishing attacks can pose both to their business and to individuals’ accounts. By addressing the problem head-on, they can minimise the impact of any of these attacks.
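The two checks described above (the sender's address against the one domain the company says it uses, and where a ‘log in’ link really goes) can be automated. The following is an added illustration, not code from Wonga or from this article; the function names, the sample messages and the rule that links may sit on a subdomain are assumptions made for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "wonga.com"  # the only sender domain the company says it uses

class LinkHosts(HTMLParser):
    """Collect the host of every http(s) link in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        url = urlsplit(dict(attrs).get("href") or "")
        if tag == "a" and url.scheme in ("http", "https"):
            self.hosts.append((url.hostname or "").lower())

def check_message(raw):
    """Return a list of reasons to distrust the message (empty = none found)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    # Exact match only: "wonga.com.example.test" or "wonga-offers.example" fail.
    if sender != TRUSTED:
        findings.append(f"sender domain is {sender!r}, not {TRUSTED!r}")
    links = LinkHosts()
    links.feed(msg.get_payload())
    for host in links.hosts:
        # Assumption: the company's own site may sit on a subdomain such as www.
        if host != TRUSTED and not host.endswith("." + TRUSTED):
            findings.append(f"link goes to {host!r}")
    # An empty list is not proof of legitimacy: the From header can be forged.
    return findings

# Constructed sample messages (not real emails).
HEAD = "Subject: New loan deal\nContent-Type: text/html\n\n"
GENUINE = ("From: Wonga <info@wonga.com>\n" + HEAD +
           '<a href="https://www.wonga.com/help">Help</a>')
LOOKALIKE = ("From: Wonga <info@wonga-offers.example>\n" + HEAD +
             '<a href="https://www.wonga.com/help">Help</a>')
FORGED_FROM = ("From: Wonga <info@wonga.com>\n" + HEAD +
               '<a href="http://wonga.com.login-example.test/account">Log in</a>')

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE),
                      ("forged From", FORGED_FROM)]:
        print(name, check_message(raw))
```

The third sample passes the sender check and is caught only by its link, which is why a familiar-looking address alone is not enough to trust a message.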
Other things to bear in mind to prevent harm caused by a phishing attack
As well as contacting the company directly to confirm whether the email you have been sent is legitimate or not, here are some other things to bear in mind:
- Never give your personal details away, like addresses, names or PIN numbers
- Don’t reply to the email. Many feel tempted to reply with ‘I know you are a fake’ or something along those lines, but this only confirms that your email address is valid and that you use the account, which they could store for targeting again in the future. Be careful!
- Never access websites from an email link. Always enter the website address in your browser
- Avoid using Internet cafes for Internet banking
- Ensure that you have up-to-date antivirus and anti-spyware software on your PC
- Do not open other websites while logged into your accounts
- When accessing Internet banking, check for the padlock icon and “https” at the beginning of the site’s URL
- You can also report the phishing attack by emailing email@example.com on the cybercrime ZA website.
If in doubt…
If in doubt about whether you have responded to a phishing email or not, it is important to get the legitimate number of the company from their own website and contact them directly. Don’t feel embarrassed or ashamed, because many people will be in the same boat as you. It can be tiresome trying to retrieve lost money or reset your personal details, but in many cases the matter can be resolved quickly with the help of the company, which also helps to prevent further customers from making the same mistakes.