Your personal security guide: Phishing campaigns
What are phishing campaigns?
Phishing campaigns are fake and fraudulent messages and websites designed to dupe users into handing over their personal, sensitive and account information, from social media to banking.
What types of phishing campaigns exist?
You might see a sale promoted on Facebook which offers a link to a fake, malicious website, or most commonly, phishing campaigns are conducted through email. Messages are sent from criminals masquerading as legitimate businesses, banks, institutions and popular websites including Facebook, PayPal, Amazon and HSBC. Most campaigns are designed for the general public, but some "spear" phishing campaigns target specific groups and users.
Give me an example?
In this example, the UK's tax office HMRC is used in a phishing campaign. Aside from an illigitimate email address, a .ZIP file was attached containing malicious code.
How do I recognize phishing campaigns?
Phishing campaigns most often are found in email inboxes and through social media. An email from your bank may warn you of fraudulent payments or might promise you a tax refund. Most will be flagged up by your email provider, but check for spelling mistakes, attached files, and "click here" links. Most phishing campaigns will have a time limit to induce panic and more clicks. They may also be based on social engineering -- and you may be called by someone pretending to be a Microsoft or PayPal employee, or from an antivirus firm which has "scanned" and found problems on your PC.
What could happen if I become a victim?
Phishing campaigns most often go after financial details. Your accounts may be compromised, and you may become a victim of identity theft if sensitive information has been stolen.
How can I protect myself against phishing campaigns?
Be vigilant online and trust your instincts -- if an email or sale promoted through Facebook looks too good to be true, it probably is. Always check email addresses for spoofing, be wary of clicking on shortened links and do not reveal sensitive information through email. Always check website addresses for legitimacy.
What do I do if I become a victim?
If you still can, change your login details for accounts, and contact companies directly to let them know your account has been compromised. Keeping an eye on your credit score is also recommended so you know of any changes, and consider reporting issues to the authorities.