Phishing typically happens when criminals send convincing looking but fraudulent emails, although they have also been known to use phone contact.
These emails are often sent to thousands of individuals - in the hope that some will be hoodwinked into supplying personal information. This may include user names, email addresses, passwords, bank account, and credit card details.
These phishing attacks will typically encourage victims to enter details on a fake website - which often seems to come from a legitimate organisation.
• Casual or informal wording that's not in the normal style of an email from a legitimate company
• Familiar language or tone but poor grammar and spelling
• 'Verify your account' request - banks will never ask you to enter full account details, passwords or PINs onto a website
• 'There is a secure message waiting for you' - these messages work by putting the emphasis on reading a message - not your actual account. However, the link in the email will still ask for your personal account details
• 'If you don't respond within 48 hours, your account will be closed' - such messages convey a sense of urgency that can make you respond immediately without thinking. Phishing emails might even claim that your response is required because your account may have been compromised
• 'Click the link below to gain access to your account' - sophisticated email messages can contain links or forms that you may fill out just as you would do on a legitimate website
• 'Dear Valued Customer' - phishing emails are usually sent out in bulk and often do not contain your first name or surname .