Phishing awareness: don't take the bait

Here are some top tips to make sure you don't fall for spam emails and fake websites.

Phishing is a way scammers try to gain access to user names and passwords.

A phishing message is usually sent as an email to millions of people. These emails look like they come from friends or genuine companies.

The email contains information directing you to click on a link. The link then takes you to a fake website, where the details you enter can be used by the scammers.

How can I spot a spam email?

Signs that an email is spam include:

  • the sender’s email or web address is different to the genuine organisation’s addresses
  • the email is sent from a completely different address or a free web mail address
  • the email does not use your proper name, but uses a non-specific greeting such as 'dear customer'
  • the email threatens that unless you act immediately your account may be closed
  • you're asked for personal information, such as your username, password or bank details
  • the email contains spelling and grammatical errors
  • you weren't expecting to get an email from the company that appears to have sent it
  • the entire text of the email is contained within an image rather than text format
  • the image contains a link to a fake website

How can I spot a phishing website?

You may be able to tell a website isn’t genuine because:

  • the website's address is slightly different from the genuine organisation's address
  • there are spelling and grammatical errors on the page
  • the site isn't secure
  • the padlock shown for secure sites isn’t displayed in your web browser, at the top or bottom of the page

What can you do?

There are some steps you can take to protect yourself from phishing attacks:

  • If you are unsure about an email, contact the sender by telephone to confirm
  • Be wary of emails asking for confidential information
  • Familiarise yourself with a website's privacy policy