What is phishing?

Phishing is a type of fraud where the criminal tries to get you to disclose information such as: login details (usernames and passwords), account numbers and credit card numbers. The attacker will do this by posing as an employee of a bank or another company.

How is it done?  

Phishing is often conducted via email, but fraudsters have been known to contact victims via telephone or text message.

These messages often suggest that there are compelling reasons as to why the recipient must provide the information. For example, the phishing communication might state that access to your bank account will be blocked if you don’t respond. Alternatively, you may be told that you have won a lottery or other competition, and that you need to provide personal information within a specified timescale in order to claim your prize. Another tactic might be to tell you that your computer needs to be fixed, and that the caller can carry out the repairs provided you furnish them with your account details to allow them to take payment.

Sometimes a phishing email includes a link to a website, where you are asked to enter confidential personal information on a form. The most skilled fraudsters are able to design this site so it looks like the genuine website of your bank or other financial institution, however it will actually be a cleverly disguised copy of the real site. Research carried out by Webroot estimated that as many as 1.4 million of these fake websites are created every month.

Phishing sometimes involves tricking users into installing malware, ransomware or other harmful computer viruses.

Once the criminal has obtained your password, account number, or whatever else they were seeking, they will then use this information to access your account and steal money from you.

Special forms of phishing

Many phishing attacks involve a single communication, where the fraudster attempts to trick you into disclosing the information that they want. However, a less common form of phishing involves the criminal building a relationship with you over many weeks or months via social media, or other communication channels. Their aim is to get you to think of them as someone you trust, and once this has occurred, they will ask you to disclose confidential information that you would normally only provide to your nearest and dearest.

You also need to be wary of phishing communications when you are at work. A common tactic is the ‘CEO fraud’, where a message is sent to you, supposedly from your CEO, or another senior manager, and which asks you to transfer a sum of money to a particular account.

Phishing conducted via text message is sometimes referred to as ‘Smishing’ (SMS phishing).

Phishing conducted via phone is sometimes referred to as ‘Vishing’ (voice phishing).

Don’t become a victim

Further research by Symantec has estimated that, globally, there are 135 million phishing attempts made each day by criminals seeking unwarranted access to personal information. So, this really is a serious and large-scale problem.

Wonga South Africa wants to ensure that its customers do not fall victim to a phishing attack, and with this in mind, has published guidance on its website on how to help you identify that a phishing attempt may be being made.