What is phishing and how can I stay protected online? Part 1

Published 12/05/2004 15:47   |    Updated 23/04/2008 11:39

What is phishing?

Phishing is an illegal activity that occurs when online criminals (phishers) pretend to be legitimate organisations, like banks and credit card companies, in order to trick you into giving them your personal details.

Phishers usually send you an email in which they'll often ask you to 'verify' or 're-submit' personal information by return.

They may ask you to complete an online form and may offer you something attractive like money or a holiday if you do so.

Be alert for anyone looking for your bank account details, credit card numbers, passwords, PIN numbers, your Personal Public Service Number (PPSN) or National Insurance Number.

Phishers can use this information to impersonate you, make unauthorised withdrawals from your bank account and pay for online purchases. They can even sell this valuable information on to third parties.



How do I recognise it?

In a typical scenario, a phisher sends a deceptive email, with a "call to action" that asks the recipient to click on a link. Examples of a "call to action" include:

  • An official-looking statement that warns of a problem with the recipient's account. The email then asks the recipient to visit a website to correct the problem, using a deceptive link in the email.
  • An official-looking statement warning that the recipient's account is at risk and offering to enrol the recipient in an anti-fraud program.
  • A fictitious invoice for merchandise, sometimes offensive merchandise, that the recipient did not order, with a link to "cancel" the fake order.
  • A fraudulent notice of an undesirable change made to the user's account, with a link to "dispute" the unauthorised change.
  • A claim that a new service is being rolled out at a financial institution, and offering the recipient, as a current member, a limited-time opportunity to get the service for free.

Here are some phrases that may be used in a phishing email:

  • "Verify your account"
  • "Respond within 48 hours or your account will be closed"
  • "Dear valued customer"
  • "Click the link below to gain access to your account"



How does phishing work?

In each case, the website to which the user is directed collects the user's confidential information. If a recipient enters confidential information into the fraudulent website, the phisher can subsequently impersonate the victim in order to transfer funds from the victim's account; purchase merchandise; take out a second mortgage on the victim's home; file for unemployment benefits in the victim's name; or inflict other damage, usually financial.

In many cases, the phisher resells the illicitly obtained information to a third party. Criminals participate in a variety of online brokering forums and chat channels where such information is bought and sold. There are many variations on deception-based phishing schemes.



What risk does it pose?

The victim may have their identity stolen, leading to any number of risks including:

  • Financial fraud perpetrated under the victim's name.
  • Unauthorised use of the victim's credit card and bank account.
  • Unauthorised enrolment in online sites such as pornography and betting sites.


See also: What to do if you suspect you are a victim of phishing and how to prevent it from happening.

