Phishing – We’re Going on a Shark Hunt

… we’re going to catch a big one. What a beautiful day! We’re not scared.

Phishing scams are getting bigger, scarier and, unlike this shark, are becoming even more difficult to spot.

One of our customers contacted us to ask about a possible scam sent to her from EE.

I have to admit, this is one of the better ones I’ve seen. It sounds convincing, and even explains about people who may be trying to trick you…

We rang EE to ask them to confirm if they had sent this to the customer. No surprises, they hadn’t.

It’s not just business mobiles this can affect, it includes banking and all sorts. If someone thinks they can phish you for money or your personal identity, they will.
So, how do you avoid being taken for a ride?

Our top tips:
Don’t follow links

  • Links in emails have the potential to give you a virus, no not the snotty ones that make you feel terrible, but the ones that make your mobile phone or computer sluggish and conducive to sharing more than they ought.
  • They could take you to a website that looks genuine, but is a clone, where someone can collect your username and login details.
  • If they can hack one of your accounts, the chances are they can hack several.
  • Access the website the way you normally would: via your app, or by typing the web address in full.

Never provide your password

  • Not over the phone, or in response to an email. If they ask, they’re probably phishing.
  • Only fill your password into reliable places.

Password power

  • Change your password every so often – this will keep them on their toes.
  • Use a strong password – letters, numbers, special characters, uppercase and lowercase, and preferably don’t use obvious words and dates like your own name.
  • Use different passwords for every website – particularly don’t share across your banking, online shopping, and social media accounts.
  • Use a safe to store passwords if you can’t remember and keep track of them – you can purchase apps, some phones come with suitable software, you can use a password protected document, you can use some antivirus and malware software, or you could use a good old fashioned notebook stored in your good old fashioned safe! None are 100% infallible, but better to have something than nothing at all.

Better safe than sorry

If it sounds a bit like it has a bite in the tail, and there’s something altogether not quite right, the chances are it is a giant phish.

Our recommendation to this customer was to change the password anyway, just not via their hoax email!

Don’t forget that if you get an email from your mobile phone network, you can always give them a ring and ask, they don’t bite, and they keep a record of all messages sent out by them, including texts and emails.