What is a phishing attack, and how to prevent it

Since we use the internet now more than ever, we’re more at risk of encountering a phishing attack.

So, we’ve created this handy guide to help you understand what a phishing attack is, unpack the different types of phishing and talk you through how to prevent being targeted. Because the more you know before you receive phishing emails, the better.

What is phishing?

When you see the words “phishing” appear on your screen, whether that’s written in a news article or in a work warning email, you’ll likely be racking your brains about what this actually means. So, what is phishing?

To put it simply, phishing is a cyber-attack that usually occurs through email, intending to trick the recipient into clicking a dangerous link, downloading harmful software or an attachment. Essentially, a phishing attack occurs when you’re sent fraudulent messages from what appears to be a reputable source. The phisher’s incentive? To install malware onto your device or steal vital information from you, such as banking, credit card and login details.

For instance, you may receive an email from what appears to be the CEO of your company, asking you to reply with some personal details, like logins or your phone number, only to realise the email address actually belongs to an unknown source.

The different types of phishing unpacked

Unfortunately, there are all sorts of different phishing scams you’ll need to be aware of – they don’t just take one form. Don’t worry, though; once you’re in the know, you’ll be much more prepared if you become a target of one of these attacks.

So, what are the two most common types of phishing you need to be aware of?

Email phishing

Email phishing is the most popular type of its kind and is often called “deception phishing”. Criminals will send an email impersonating a brand you most likely know, stating they need an urgent response. They’ll use clever tactics to try and trick you into replying, such as attaching malicious links and downloads to the email which then installs dangerous malware onto your device.

Spear phishing

Spear phishing is when a scammer acts as a trusted source to pull private information from you, without you realising. But what’s the difference between phishing and spear phishing?

Well, phishing emails are sent to a large organisation, whereas spear phishing emails are specifically targeted at a single recipient. Criminals initiating the spear phishing attack will use the victim’s social media as a source to gather personal information. They’ll then use this intel to trick you into responding and handing over personal details, without you noticing the dangers of this action.

An example of this?

If you’ve started a new job and have posted your new career change as a Social Media Manager for Waitrose on LinkedIn and Twitter, someone can then use these details to scam you.

They’d do this by sending an email saying something like: “Hi, I haven’t had the chance to meet you yet, but it’s great to have you onboard at Waitrose. I’m in a meeting right now, but this presentation will give you some handy new-job tricks and tips. They really helped me when I first started!”

And just like that, you could click the link to view this “helpful presentation”, only to find you’ve had vicious malware added to your laptop.

How to prevent a phishing attack

As much as you shouldn’t have to look out for phishing attacks, you need to do whatever you can to avoid becoming a victim to one. If you’re wondering how to prevent phishing and how to stop phishing emails from spamming your inbox, these tips should help:

1. Expand the contact’s email on your web browser as soon as you receive it

Phishing scams are more successful for the criminal if you don’t study the email contact in full. Initially, the sender may appear as someone you know, like NatWest bank. But once you expand the contact’s email address, flaws will start to appear, and you can assess the risk of the sender.  

For instance, “NatWest Bank” may pop up as the sender when you open your email, but when you click on the address in full, it reads as: Natwestbank.help/you@598.yahoo.com. Noticing this sketchy email address will then make you second guess the intent of the message you’ve been sent, and prevent you from responding to it in the first place.

2. Always question a link in an email

When you’re reading through a new email, spot potentially spammy links early and trust your gut. Because if a trusted source, like your internet provider, doctor, or bank needed you to view something immediately, they’d most likely affix an attachment to the email, not a clickable link. So, any email with a questionable link should be approached with caution, to stop a phishing attack from occurring.

3. Avoid posting personal information online

Yes, it’s hard to be more secretive in the digital age, with the likes of LinkedIn and Instagram providing a window into everyone’s lives, both personally and professionally. However, if you’re asking yourself how to stop phishing emails from landing in your inbox, there are several ways you can protect yourself and your personal data online.

The less information there is about you on the internet, the less likely you’ll become a target of a phishing attack. After all, if the criminal in question doesn’t have the knowledge needed to pose as someone you know and trust, they won’t be successful in getting your attention in the first place.

4. Introduce privacy functions across your social media platforms

You should be able to share what you want across your preferred social media platforms. But our advice is to make your accounts private on the likes of Twitter and Instagram as soon as possible. Also, toy with your privacy functions on platforms like LinkedIn and Facebook to ensure only a minimal amount of information is available to those who aren’t a connection.

5. Set up a VPN

If you’re working from home and don’t have a VPN set up, your network isn’t as secure as it would be in the office. This means that you’re more at risk of receiving a phishing email. Setting up a VPN will prevent spam emails because the private connection will stop hackers from tracking your email address altogether. This is a really simple step to prevent a phishing attack from occurring.

Put your safety first

To ensure you’re always staying safe online, read our other helpful blogs and invest in a provider who puts your safety and security first. Find out how you can reap the benefits of our hyperfast broadband now.