Everything you need to know about phishing

Phishing is a form of online fraud. The word comes from the English fishing, or ‘fishing’. That’s what the criminals do: fish for data. They send a message on behalf of a bank, the government or an online store. Usually it is an urgent request. The recipient supposedly has to pay quickly or receive a prize. By making the email appear as real as possible, they try to gain the reader’s trust. The victim unsuspectingly clicks through, fills in a number of details and… bit! The criminals get what they were looking for: login details and personal information.

Phishing by mail may be the most common, but it is certainly not the only form. Criminals are always trying new things. Just think of a fake message via SMS or WhatsApp. Phishing is often done on behalf of a bank, government agency or private individual. This happens in different forms:

• Via mail
• via text message
• Via a WhatsApp message
• Over the phone

A special form of phishing that deserves extra attention is whaling. With this form you will be approached by a so-called acquaintance. He or she will contact you because he or she is in need and can no longer access his money. Read more about this in the article ‘Don’t fall for whaling’.

It would of course be very nice to never encounter a phishing email in the mailbox. While it is difficult to stay 100 percent phishing free, there are a few things you can do yourself.

• Be selective with where you share your email address. Don’t just post it on social media.
• Use an internet service provider with a good spam filter. Gmail and Outlook automatically recognize a large proportion of phishing emails and filter them out of the mailbox.
• Do not give anyone your login details. Authorities never ask for this.
• Never send a bank card. The bank never asks you to do this.
• Check for fraud reports. For example on the websites Scammed!? and Fraudehelpdesk.nl.

While scammers are getting better at counterfeiting real letters/emails, there are a few things to notice:

• Phishing is usually done on behalf of banks, the government, companies and shops.
• You will be asked to click on a link.
• There is urgency.
• There are language and style errors in the message.
• The email address resembles that of the counterfeit company, but is often slightly different. For example ‘Zigggo’ (with an extra ‘g’) or ‘ING-pay.nl’ (a domain that is not owned by ING itself).
• Strange attachments. Do not click on these, they may contain viruses.

Some emails may also be another form of spam. You can read more about this in the article ‘Spam and phishing, what’s the difference?’.

An example: you receive an e-mail that appears to have come from the ING bank. The email asks you to click on a link urgently. However, this email does not come from the bank itself, but from scammers. Take a look at this email with the above points in mind. Do you recognize it as phishing?

Have you received a suspicious email or message? Then consider the following:

• Do not click on links in suspicious emails.
• Do not respond. Not even with comments like ‘stop sending me these fake messages.’ Your response is confirmation to criminals that they are dealing with an existing email address. The result: even more phishing and spam.
• Report a fake email to the appropriate authority.
• After reporting the fake email, just throw it away.

If in doubt about an email, SeniorWeb members can call on the Phishing Checker. Forward the suspicious email to us and you will hear within one working day whether it concerns phishing. More information can be found on the SeniorWeb Phishing Checker page.

Even if you’re alert to phishing, it’s possible to fall into the trap. Scammers are constantly coming up with something new and sometimes it is difficult to distinguish fake from real. What can you do in the following scenarios?

I (accidentally) opened an attachment from a fake email

• Close the e-mail program.
• Let the virus scanner perform an extensive scan of the computer. And let the program immediately neutralize any found malicious software.
• Just to be sure, change your (important) passwords. Especially those of your e-mail and the bank.
• Do not use internet banking until you are sure that no malicious software is present on the PC. If in doubt, contact the bank for advice.
• If the e-mail comes from a well-known company or body, please also contact them and explain the situation to them.

I clicked on a phishing link

Malicious software may be installed on your device. If you suspect this, follow the same steps as above with the opened attachment. A link can also go to a fake web page where you have entered login details or your personal data, for example. In that case, read on to the next paragraph.

I entered data on a fake website

• Did you come to the site via an email? And do you suspect that both the site and email are fake, but you are not sure? Then forward the email to the SeniorWeb Phishing Checker (for members).
• Was the email fake and did you enter login details? Change your password immediately.
• Have you also provided a telephone number? If you notice or suspect that your phone number is being misused for (expensive) SMS subscriptions, check this on the site Payinfo.nl.
• Have you left an email address? There is a good chance that you will be bombarded with dubious advertising emails. It makes no sense to unsubscribe from this because you confirm that the e-mail address is used. Move the emails to the spam folder. This will teach your e-mail program which e-mails are spam. After a while, these emails automatically end up in the spam folder.
• Have you entered bank details? Call your bank immediately.

I transferred money to a scammer

Have you transferred money to a party that cannot be trusted? Then report the fraud to the police. You can make an appointment for this via 0900-8844, the national telephone number of the police or at the nearest police station. Also contact your bank.