In phishing, hackers pose as a known contact or organisation that you trust. They try to get hold of your personal data or business information, or encourage you to make a payment into their bank account. These tips will help you recognise suspicious messages in three steps.
1. The basic rule about phishing: be alert
Phishing is a growing phenomenon, so it is important to always be alert to fraudulent messages. Cybercriminals always try to take advantage of something or someone you trust. They also often exploit your fears and curiosity. If you are aware of this, you won’t be fooled so quickly. With phishing the basic rule is that you can never be too careful. If you have even the slightest doubt, move on to the next step:
2. Do you think that a mail or phone call is suspicious? Judge it based on these questions.
Answer the questions below and find out whether there should be alarm bells ringing:
- Is it unexpected?
The message comes from a sender that you haven't ordered or requested anything from, or from someone you haven't had contact with for a long time.
- Is it urgent?
If you are urged to respond quickly, keep a cool head. For example, have you really already received a first payment reminder?
- Do you know the sender?
Check the e-mail address, including for spelling mistakes. But be careful: a legitimate e-mail address is not a guarantee – the account could have been hacked. Trusted senders also list other contact details that you can verify.
- Do you find the question strange?
An official body will never ask you for your password, bank details or personal data by e-mail, text message or telephone.
- Where does the link you need to click take you?
Hover your mouse over the link. Is the domain name (the text directly in front of the .be, .com, .eu, .org, etc. and before the first slash ‘/’) really the name of the organisation?
The link www.cheops.com/tips has the domain ‘cheops’. The link www.cheops.tips.com/cheops has the domain ‘tips’, so you will be directed to a different website.
- Are you addressed personally?
Be suspicious of messages with general and vague forms of address, or with your e-mail address as the form of address.
- Does the message contain a lot of language errors?
Language errors or strange use of language can indicate a suspicious message. But be warned, seasoned cybercriminals do ensure the language is correct.
- Is the message in your Spam/Junk folder?
If so, be extra careful.
- Is someone trying to arouse your curiosity?
Of course, you will be curious about messages such as ‘Are you already aware of this opportunity?’, ‘Are you (or is your company) participating in this activity?’ or ‘Last chance to register free for ...’, but be especially careful not to be taken in by them.
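The link question above ("Where does the link you need to click take you?") can also be checked automatically. The Python sketch below is an added example, not part of the original article: it extracts the domain name together with its suffix (for example 'cheops.com') from a link and compares it with the organisation's real domain. The function names and the short suffix list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed subset of multi-label public suffixes, for illustration only.
# A real check should load the full Public Suffix List (publicsuffix.org).
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def registrable_domain(link: str) -> str:
    """Return the domain plus suffix of a web link, e.g. 'tips.com'."""
    # urlsplit only finds the host when a scheme or '//' is present, so
    # add '//' for links written like 'www.cheops.com/tips'.
    if not link.lower().startswith(("http://", "https://", "//")):
        link = "//" + link
    host = (urlsplit(link).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"no usable host name in {link!r}")
    # The suffix is one label (.com, .be) unless the last two labels form
    # a known multi-label suffix (.co.uk).
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) <= suffix_len:
        raise ValueError(f"{host!r} is a bare public suffix")
    # Everything to the left of this (www, cheops.) is only a subdomain
    # chosen freely by whoever owns the registrable domain.
    return ".".join(labels[-(suffix_len + 1):])


def link_belongs_to(link: str, organisation_domain: str) -> bool:
    """True only if the link's registrable domain is the organisation's."""
    try:
        return registrable_domain(link) == organisation_domain.lower()
    except ValueError:
        return False  # links that cannot be parsed are not trusted


if __name__ == "__main__":
    # The two links used as examples in the article.
    for link in ("www.cheops.com/tips", "www.cheops.tips.com/cheops"):
        print(link, "->", registrable_domain(link),
              "| belongs to cheops.com:", link_belongs_to(link, "cheops.com"))
```

A match only shows where the link leads; as noted for e-mail addresses, a legitimate name is not a guarantee on its own.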
3. Still in doubt? Then contact the sender.
Are you still not sure whether the message can be trusted after answering this list of questions? Then stay on your guard and definitely do not open any links or attachments. To make certain, use a different way to contact the sender.
You can call, text or send a message to your own contacts through social media. If the message doesn't come from them, let them know that their account is being misused and may have been hacked. On some social networks you can mark messages as 'fake'.
For a message that seems to come from an organisation or company, go to their site and check, for example, whether that ‘urgent’ action actually exists. If you don't find anything, you can also give them a call.