Phishing is when attackers send malicious emails designed to trick the receiver into falling for a scam. The intention is to steal the user’s financial information, passwords or other sensitive data. Once stolen, the information can be used to gain access to a bank account, computer, phone or any other device. In some cases, attackers sell the information to other scammers.
The term “phishing” came about in the mid-1990s when hackers began using fraudulent emails to “fish for” information from unsuspecting users. Phishing emails lure people in and get them to take the bait. Once they are hooked, both the user and their organization are in trouble.
Scammers launch thousands of phishing attacks every day, some of which succeed. They continuously update their tactics to keep up with the latest trends and changing consumer needs. Here are some common tactics used in phishing emails or text messages:
- Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.
- You may get an unexpected email or text message that looks like it is from a company you know or trust, like a bank or a credit card or utility company. The email may also come from an online payment website or app.
- The message might say there has been suspicious activity or log-in attempts on your device. The message can also inform you of a problem with your account or your payment information. It may further require you to confirm your personal or financial information.
At first glance, phishing emails look real, and if you do not take a closer look you can easily fall prey. Scammers send phishing emails hoping you will not notice that they are fake.
How to identify a phishing email
- Has a generic greeting.
- May say your account is on hold because of a billing problem.
- Invites you to click on a link to update your payment details. While real companies might communicate with you by email, legitimate companies will not email or text with a link to update your payment information.
Phishing emails can often have real consequences for people who give scammers their information, including identity theft. Your email spam filters might keep many phishing emails out of your inbox. Scammers, on the other hand, are always trying to outsmart spam filters; extra layers of protection could help.
How to protect yourself from phishing attacks
- Protect your computer by using security software.
- Set the software to update automatically so it will deal with any new security threats.
- Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your data by backing it up. Back up the data on your computer to an external hard drive or in the cloud. Back up the data on your phone, too.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication.
The extra credentials you need to log in to your account fall into three categories:
- Something you know – like a passcode, a PIN, or the answer to a security question;
- Something you have – like a one-time verification passcode you get by text, email, or authenticator app; or a security key;
- Something you are – like a scan of your fingerprint, your retina, or your face.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
What to do if you suspect a phishing attack
If you get an email or a text message asking you to click on a link or open an attachment, ask yourself: Do I have an account with the company or know the person who is contacting me? If the answer is “No,” it is likely to be a phishing scam. Go back and review the advice under “How to identify a phishing email” and look for signs. If you can verify that it is a phishing email, report the message and then delete it. If the answer is “Yes,” contact the company using a phone number or website you know is real — not the information in the email. Attachments and links might install harmful malware.
What to do if you responded to a phishing email
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer software immediately. Then run a scan and remove anything it identifies as a problem. If you get a phishing email or text message, report it. The information you give helps fight scammers.
Be cybersmart, be proactive, be reactive; prevent and report phishing incidents and help us keep Eswatini safe and secure.