Ever fallen for an email that asked you to buy gift cards for your boss? What about a text that insists it has a delivery update for a package you may (or may not) have coming via courier? The classic blunder – and phishing at its finest.

Phishing is a type of cyber-attack that has become increasingly common in recent years. According to a report by the Anti-Phishing Working Group, there were over 1.2 million phishing attacks in the 3rd quarter of 2022 alone setting a new record. It involves someone sending a fraudulent message that appears to be from a legitimate source to trick individuals into revealing sensitive information such as passwords, credit card numbers, or other personal information.

It can take many forms, but they all involve some form of deception. Some common examples of phishing include:

• Emails that appear to be from a legitimate company, asking you to click on a link or download an attachment.
• Phone calls or text messages that claim to be from your bank or credit card company, asking you to provide personal information.
• Fake websites that look like legitimate sites, asking you to enter your login credentials.

In each of these scenarios, the goal of the attacker is to trick you into giving up your personal information, which they can then use for fraudulent purposes.

How do I protect myself from phishing?

Fortunately, becoming aware of common phishing methods is an easy way to start avoiding them. Read the following tips on avoiding attackers:

• Look for inconsistencies in your emails, such as:

• Not recognising the sender/company.
• The sender's name not sounding right (incorrect spelling, letters doubled up).
• The sender's email address not matching the domain of the organization they claim to represent.
• Generic greetings or no greeting at all in the email.
• Spelling or grammatical errors that usually wouldn’t be there.
• Appearing to be from a legitimate company, but the logo or branding looks slightly off or different from what you normally see.
• Hovering over a link in the email with your mouse and finding the address that you see doesn’t match the place it’s saying it’ll take you.

• Be wary of emails, phone calls, or text messages asking for personal information. If in doubt, contact the company or organization directly to verify the legitimacy of the message.

• A recent example of this being used as an attack is through texts posing as courier companies claiming to say they have a package awaiting delivery.

• Use strong, unique passwords for each of your accounts. Consider using a password manager to help you keep track of your passwords (trust me, this is a life saver).
• Enable two-factor authentication on your accounts, which adds an extra layer of security.
• Keep your software up-to-date, as many phishing attacks rely on vulnerabilities in outdated software.

What to do if I received a phishing email?

If you suspect that you have received a phishing email, here’s what you should do in the following scenarios:

You’ve only opened the email

Simply delete it.

You’ve entered your credentials

Change your passwords for those accounts that you think might be compromised.

You’ve given out personal or financial information

Contact the service provider for your online accounts and report the fraudulent activity, including the following if they apply to you:

• Tell Department of Internal Affairs if you have provided passport information
• Tell New Zealand Transport Agency if you have provided your driver’s license information
• Consider getting a free credit check done to see if any accounts have been opened in your name.

Remember, phishing is a serious threat that can have severe consequences. By being vigilant and taking the necessary precautions, you can protect yourself and your personal information from falling into the wrong hands.

‍