What is phishing? How to protect yourself (and your money) online
- Scammers posing as legitimate organisations may try to steal your account information or financial details through email
- Make sure to check the domain name in the message, as well as any for any spelling mistakes or grammar errors - these all point to a scam
- By Yuhan Huang
Every now and then, an unexpected email pops up in your inbox. It seems to be from a reputable company or government organisation. Not all of these emails are innocent or real, though.
It may ask you to submit a performance review to improve the user experience of something you’ve tried. You have some time to kill, so you click on the link to the website.
Then, everything explodes.
Just kidding – what happens isn’t as obvious as that. The link directs you to a website which asks you to input your username and password. Except the website and the email are both fake.
This is an example of a phishing email, which is sent by a scammer to trick you into thinking they are a legitimate company or organisation. They lure people into thinking it is safe to input sensitive information such as usernames, passwords, or financial details.
If you have entered financial details into the fake website, such as a credit card number or bank account number, the scammer can use it to steal money from your accounts.
Sometimes, something more subtle and malicious can take root in your computer. A virus can infect your computer, which scammers can use to access your personal information.
Luckily, there are several ways to detect a phishing email. First, check if the domain name in the email is different from the official URL. For instance, the URL in a phishing email may be “update.yahoomail.com” instead of “mail.yahoo.com”, which is the official domain.
Miscapitalisations, grammar issues, and spelling mistakes are also common in phishing emails.
Phishing emails may state that they’ve given you a “temporary link”. That’s a red flag that the email has not come from the official organisation or authority. Their message may also sound urgent by mentioning a deadline. For example: “Your account will be deleted in the next 14 hours if you don’t sign in.”
During the pandemic, scammers have even impersonated the Department of Health in emails promising crucial updates on the coronavirus.
However, government organisations will never ask you to input your personal details in order to receive information from them. They would always post anything important on their official website for everyone to see.
What to do if you fall for a phishing scheme:
- Log onto the real website, and change the password of your account. Do this quickly before the scammer accesses it.
- Check if the scammer has made any purchases with your accounts.
- If the affected account has access to your bank details, contact your bank immediately.
- Update your computer’s antivirus software, and run a scan.
- If you do lose money, call the anti-scam hotline or the police immediately.
