/>
X

Your personal security guide: Phishing campaigns

What are phishing campaigns, why do they exist and how do I protect myself?
charlie-osborne.jpg
By Charlie Osborne, Contributor on
phishing-conceptcredsymantec.jpg
1 of 7 Symantec

What are phishing campaigns?

Phishing campaigns are fake and fraudulent messages and websites designed to dupe users into handing over their personal, sensitive and account information, from social media to banking.

screen-shot-2015-03-17-at-13-36-34.png
2 of 7 Charlie Osborne/ZDNet

What types of phishing campaigns exist?

You might see a sale promoted on Facebook which offers a link to a fake, malicious website, or most commonly, phishing campaigns are conducted through email. Messages are sent from criminals masquerading as legitimate businesses, banks, institutions and popular websites including Facebook, PayPal, Amazon and HSBC. Most campaigns are designed for the general public, but some "spear" phishing campaigns target specific groups and users.

screen-shot-2015-03-17-at-13-28-52.png
3 of 7 Charlie Osborne/ZDNet

Give me an example?

In this example, the UK's tax office HMRC is used in a phishing campaign. Aside from an illigitimate email address, a .ZIP file was attached containing malicious code.

screen-shot-2015-03-17-at-13-38-22.png
4 of 7 Charlie Osborne/ZDNet

How do I recognize phishing campaigns?

Phishing campaigns most often are found in email inboxes and through social media. An email from your bank may warn you of fraudulent payments or might promise you a tax refund. Most will be flagged up by your email provider, but check for spelling mistakes, attached files, and "click here" links. Most phishing campaigns will have a time limit to induce panic and more clicks. They may also be based on social engineering -- and you may be called by someone pretending to be a Microsoft or PayPal employee, or from an antivirus firm which has "scanned" and found problems on your PC.

glowing-keyboard-hacker-security-620x465.jpg
5 of 7 Charlie Osborne/ZDNet

What could happen if I become a victim?

Phishing campaigns most often go after financial details. Your accounts may be compromised, and you may become a victim of identity theft if sensitive information has been stolen.

screen-shot-2015-03-16-at-10-18-51.png
6 of 7 Charlie Osborne/ZDNet

How can I protect myself against phishing campaigns?

Be vigilant online and trust your instincts -- if an email or sale promoted through Facebook looks too good to be true, it probably is. Always check email addresses for spoofing, be wary of clicking on shortened links and do not reveal sensitive information through email. Always check website addresses for legitimacy.

passwordsecurity.png
7 of 7 Charlie Osborne/ZDNet

What do I do if I become a victim?

If you still can, change your login details for accounts, and contact companies directly to let them know your account has been compromised. Keeping an eye on your credit score is also recommended so you know of any changes, and consider reporting issues to the authorities.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup
Person seated at a booth in a cafe looks at their phone and laptop.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup

10 Photos
Tech salaries, developer skills, cybersecurity, and more: ZDNet's research roundup
remote-working-from-home-man-employee-small-desk.jpg

Related Galleries

Tech salaries, developer skills, cybersecurity, and more: ZDNet's research roundup

8 Photos
Yubikey Security Key C NFC
Security Key C NFC

Related Galleries

Yubikey Security Key C NFC

8 Photos
First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

10 Photos
iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

5 Photos
OnlyKey hardware security key
OnlyKey

Related Galleries

OnlyKey hardware security key

19 Photos
SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

10 Photos