Phishing

Phishing is the act of illegally obtaining personal information from someone using electronic communications. With this information the scammers can build up a profile of the victim in order to make some financial gain. The most valuable information is bank account or credit card details together with PINs or passwords. But anything that adds to the basic information they may already have on the victim is also valuable.

Having the details of a bank account or credit card, including the 3-digit CVV number, PIN or password, will allow a scammer to empty a bank account. This is really what their end goal is.

More sophisticated attacks will just slowly build up a lot of information about a victim. With that they may be able to open finance agreements or "blag" their way into bank or credit-card accounts, even without the full security details. However, banks are wise to many of the tricks, which is why PINs and passwords are the most valuable.

Phishing by Calling

When you get a phone call and the caller display shows one of your contacts (a person), then it is very likely to be the right person. It is possible, but not easy, for a scammer to make a call appear to come from your contact's number. Recognise the correct voice? OK.

When you get a call from a withheld number or no number, be suspicious. If you get a call from a number not in your contacts, be suspicious too. Scammers will ring you on all sorts of pretences: unpaid tax, you have been in an accident, selling something, etc. Just do not answer. But you may have a friend who for some reason withholds their number - if you do answer, then make sure it is them before you start talking.

The scammer may have some basic knowledge about you; they must have, to get your number. They are trying to get any little detail. They are trying to build up a picture of you and, using some obvious guesses, aim to get more details added to their list. The holy grail is bank details or credit card details, including PINs or passwords. With these they can empty your account. Be warned.

Some scammers have very plausible stories with some details. They are trying to add to these. With this added picture of you, they will ring again to build a better picture and again, until they have sufficient for their purposes, probably to get money out of you.

Phishing by SMS

An SMS message can come into your inbox with a name or a number. If a number comes up then the SMS is not from a contact, so be wary. Names of companies that you have not dealt with should also be considered to be a scam. But it is relatively easy for the attacker to put in a name that is not the real sender. So the attacker can send an SMS with a company name in order to trick the recipient.

An SMS message may contain a link, and the attacker will want the target to click it. The link will lead to a dangerous web site with the aim of infecting the phone or getting information from the target.

What are they trying to do? They are trying to get the target to click the link in the SMS. Doing so will often lead to a web site with a form. Maybe they have pretended to be your bank. The form will look like the login page for your bank, but not quite. You will have to put in a lot more details than usual, and when you press send the attacker has your information but you are not taken to your account.

A second option is that the link delivers a virus, which the attacker gets loaded onto your phone, again giving the attacker access to your device.
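The SMS checks described above can be written down as a small triage routine. This is an added example, not part of the original page; the contact list, the company name "ExampleBank", its domain and the function names are all hypothetical, and comparing the link against a domain you already know for the company is an assumption that goes one step beyond the text.

```python
import re
from urllib.parse import urlparse

# Constructed sample data (hypothetical): the user's contacts, and the companies
# they deal with mapped to the web domain they already know for each one.
CONTACTS = {"+447700900123": "Alice"}
KNOWN_COMPANIES = {"ExampleBank": "examplebank.example"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def link_hosts(body):
    """Return the host name of every http(s) link found in the message text."""
    hosts = []
    for url in URL_RE.findall(body):
        # Drop sentence punctuation that the regex swallowed after the link.
        host = urlparse(url.rstrip(".,;:!?)")).hostname
        if host:
            hosts.append(host.rstrip("."))
    return hosts


def triage_sms(sender, body):
    """Return the list of warnings for one SMS; an empty list means no flag."""
    if sender in CONTACTS:
        return []  # assumption: a saved contact is treated as the low-risk case
    warnings = []
    if re.fullmatch(r"\+?\d+", sender):
        warnings.append("number not in contacts")
    elif sender not in KNOWN_COMPANIES:
        warnings.append("company name you have not dealt with")
    # A sender name is easy to fake, so a familiar name does not clear a link:
    # the link must also point at the domain already known for that company.
    expected = KNOWN_COMPANIES.get(sender)
    for host in link_hosts(body):
        if expected and (host == expected or host.endswith("." + expected)):
            continue
        warnings.append("link to unexpected site: " + host)
    return warnings


if __name__ == "__main__":
    print(triage_sms("ExampleBank",
                     "Verify now: https://examplebank.example.secure-login.example/verify"))
```

The third case in the sample run is the important one: the sender name matches a company you deal with, but the link only starts with the bank's name and actually belongs to a different site.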

Passwords

Your password is your key to the sites you are registered with. If you think of passwords in this way, the rules for passwords make sense. We don't have all our keys the same, so we should not have all our passwords the same. Simple keys work but are not as secure as security keys; it is the same with passwords. We don't leave our keys lying about, and the same goes for passwords. But passwords are not physical keys, and we have many more of them.

Passwords need to be both secure and memorable. We are advised to use letters, capitals, digits and special characters in a password. A random collection of these would seem to be the most secure, but we cannot remember these, so we write them down. We can remember simple words with a digit, which we don't need to write down, but these are easy to guess. "Password123" is a very popular password.

Some people write their passwords down in a book; if a scammer gets the book, they will have the master key to your life. There are apps such as "MSecure5" which allow you to write the passwords down electronically on your phone, protected by a master password (make it memorable and do not write it down). There are also password managers such as "LastPass", which are a little complex to use but keep your passwords safe, and as you do not need to remember anything except the master password you can use complex (random) passwords.

The aim for a scammer is simple: get the password, then get the key to your bank, or credit card, or store, or in fact everything. Remember that with the password they can order goods on your account but get them delivered to an anonymous address. But remember that money is the prime aim, so bank passwords are the most valuable to a scammer.