What is Phishing?

Phishing is a type of social engineering attack where criminals impersonate a trusted organisation or person to trick victims into revealing sensitive information, such as login credentials, credit card numbers, or social security numbers. These attacks typically occur via email, but can also happen through text messages (smishing) or phone calls (vishing).

Common Types of Phishing

  • Email Phishing: The most common form. Scammers send mass emails that appear to be from legitimate companies (like banks, streaming services, or delivery companies) asking you to "verify your account" or "update your payment info."
  • Spear Phishing: A highly targeted attack aimed at a specific individual or organisation. The attacker researches the victim to make the email highly personalised and convincing.
  • Whaling: A form of spear phishing that targets high-profile individuals, such as CEOs or CFOs, often to authorise fraudulent wire transfers.
  • Clone Phishing: Attackers create a nearly identical replica of a legitimate email you previously received, but replace the safe links or attachments with malicious ones.

How to Spot a Phishing Email

While phishing emails are becoming more sophisticated, they often contain telltale signs:
  • Mismatched Sender Address: The sender name might say "PayPal," but the actual email address is something like `support@paypal-update-info.com` instead of `@paypal.com`.
  • Generic Greetings: Legitimate companies usually address you by name. Phishing emails often use "Dear Customer" or "Dear Member."
  • Sense of Urgency or Threat: "Your account will be suspended in 24 hours" or "Unauthorised login attempt detected." They want you to panic and act without thinking.
  • Suspicious Links: Hover over (but don't click!) any links. The URL shown in the tooltip will often look strange or slightly misspelled (e.g., `www.rnicrosoft.com` instead of `www.microsoft.com`).
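
The sender-address and link checks above can be automated. The following is an added example, not ScamCheck's code: the brand allow-list, the look-alike table and all function names are constructed for illustration, and the domain parsing assumes simple two-label domains.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list: brand keyword -> domains that brand really uses.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "microsoft": {"microsoft.com"}}
# Character sequences that render like another letter ("rn" looks like "m").
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def registrable(host):
    """Last two labels of a host. Assumption: no multi-part suffixes (.co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def skeleton(text):
    """Fold look-alike sequences so 'rnicrosoft' compares equal to 'microsoft'."""
    text = text.lower()
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def imitated_brand(host):
    """Brand a host imitates, or None if it is genuine or unrelated."""
    if any(registrable(host) in real for real in BRAND_DOMAINS.values()):
        return None
    folded = skeleton(host)
    return next((b for b in BRAND_DOMAINS if b in folded), None)


def check_sender(from_header):
    """Findings for a From: header such as 'PayPal <support@example.com>'."""
    name, address = parseaddr(from_header)
    host = address.rpartition("@")[2]
    findings = []
    for brand, real in BRAND_DOMAINS.items():
        if brand in skeleton(name) and registrable(host) not in real:
            findings.append(f"display name says {brand}, address is at {host}")
    if imitated_brand(host):
        findings.append(f"sender domain {host} imitates {imitated_brand(host)}")
    return findings


def check_link(url):
    """Findings for a link target; accepts bare hosts like 'www.example.com'."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    brand = imitated_brand(host)
    return [f"link host {host} imitates {brand}"] if brand else []
```

An empty result only means none of these specific signs were found; it does not show that a message is safe.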

How to Protect Yourself

  • Never click links in unsolicited emails. Go directly to the company's website by typing the URL into your browser.
  • Enable Multi-Factor Authentication (MFA). Even if a scammer gets your password, they won't be able to log in without the second factor.
  • Keep your software updated. Browser and OS updates often include security patches that protect against known phishing sites.

How ScamCheck Helps

If you receive a suspicious email, you can take a screenshot of it and run it through ScamCheck. Our AI will analyse the sender address, the language used, and any visible URLs to determine if it's a phishing attempt, giving you peace of mind before you click.