Phishing is an email-based attack in which a malicious email is sent to you with the aim of getting you to disclose sensitive information about yourself. It is also the most common means of obtaining information to attack an organisation or unsuspecting users.
The false emails often look surprisingly legitimate, and even the web pages where you are asked to enter your information might look genuine. However, the URL in the address field can alert you to whether the page you have been directed to is valid or not.
Different emails are sent to attract victims. Some emails might refer to personal information of yours that needs to be updated or validated, and ask you to enter your username and password after clicking on a link provided in the email.
Other emails might even ask you to enter more information, such as your full name, address, phone number and credit card numbers. If you just visit the false website and enter your username and password, the phisher might be able to gain access to more information by logging into your account.
- Do not trust poorly written emails with spelling errors or incorrect grammar. Legitimate corporate companies have quality control measures in place that prevent such mistakes.
- Do not click on any links in such emails. Rather navigate directly to the website in question.
- If you are uncertain about the authenticity of an email, rather ask your service provider directly whether it is valid or not.
- If possible, visit the company in person, phone the customer contact centre, or go to its official website (remember not to trust phone numbers in a suspicious email!).
- Only provide personal or financial information through an organisation’s website when you have typed in the web address yourself and have seen indicators that the site is secure, such as a URL that begins with “https” (the “s” stands for secure). Unfortunately, an indicator is not a total guarantee that a site is secure; some phishers use forged security icons.
- Review your credit card and bank account statements as soon as you receive them to check for unauthorised charges. If your statement is late by more than a couple of days, call the bank to confirm your billing address and account balances.
- Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files might contain viruses or other malware that can weaken your computer’s security.
- Use trusted security software and set it to update automatically.
- Do not send personal or financial information in an email, as email is not a secure way of transmitting confidential information.
Where to report
firstname.lastname@example.org – National Operational Centre
email@example.com – State Security Agency
firstname.lastname@example.org – South African Revenue Service