Diff: Phishing
Comparing revision #2 (2026-06-22 07:34:31) with revision #3 (2026-06-22 16:25:24).
| Old | New |
|---|---|
'''Phishing''' is a form of social engineering in which criminals use emails, text messages, phone calls, social media messages, or websites to trick people into revealing information, opening malicious files, sending money, or visiting fraudulent websites. |
|
'''Phishing''' is a form of social engineering in which criminals use emails, text messages, phone calls, social media messages, adverts or websites to trick people into revealing information, opening malicious files, sending money, or visiting fraudulent websites. |
|
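Review bot: "adverts" in the new lead is unqualified, while the Common Channels list in the same revision says "fake adverts". Use "fake adverts" in the lead as well, so the sentence does not read as if advertising in general were a phishing channel.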
The National Cyber Security Centre describes phishing as scam emails, text messages or phone calls used to trick victims, often by making them visit a website that steals bank details or other personal information, or downloads malicious software. |
|
The National Cyber Security Centre describes phishing as scam emails, text messages or phone calls used to trick victims. The aim is often to send the victim to a website that steals bank details or other personal information, or downloads malicious software. |
|
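Review bot: after the split, the second sentence ("The aim is often to send the victim to a website ...") no longer reads as part of what the National Cyber Security Centre describes and looks like the article's own claim. Keep the attribution explicit, for example "According to the NCSC, the aim is often ...", or leave it as one sentence.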
== Common Channels == |
== Common Channels == |
Phishing can arrive through: |
Phishing can arrive through: |
* Email. |
|
* Text message. |
|
* Phone call. |
|
* Messaging apps. |
|
* Social media. |
|
* Fake adverts. |
|
* QR codes. |
|
* Fake login pages. |
|
* Compromised websites. |
|
* email; |
|
* text message; |
|
* phone call; |
|
* messaging apps; |
|
* social media; |
|
* fake adverts; |
|
* QR codes; |
|
* fake login pages; |
|
* compromised websites. |
|
Text-message phishing is often called smishing. Voice-call phishing is often called vishing. |
Text-message phishing is often called smishing. Voice-call phishing is often called vishing. |
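Review bot: the list change is punctuation only, and the new lowercase, semicolon-terminated items differ from the See Also and References lists, which carry no terminal punctuation. Either leave the items unpunctuated or apply one list style across the page.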
== Impersonation == |
== Impersonation == |
Phishing usually depends on impersonation. Criminals may pretend to be a bank, courier, government department, police force, employer, cloud service, streaming provider, parcel company, dating platform, or cryptocurrency exchange. |
|
Phishing usually depends on impersonation. Criminals may pretend to be a bank, courier, government department, police force, employer, cloud service, streaming provider, parcel company, dating platform or cryptocurrency exchange. |
|
The message often creates urgency. It may claim that an account will be closed, a parcel is waiting, a payment has failed, tax is due, a refund is available, or suspicious activity has been detected. |
The message often creates urgency. It may claim that an account will be closed, a parcel is waiting, a payment has failed, tax is due, a refund is available, or suspicious activity has been detected. |
== Links and Attachments == |
== Links and Attachments == |
A phishing link may lead to a fake login page, payment page, malware download, or form asking for personal details. Attachments may contain malicious documents, scripts, or links to further pages. |
|
A phishing link may lead to a fake login page, payment page, malware download or form asking for personal details. Attachments may contain malicious documents, scripts or links to further pages. |
|
The visible link text may not match the real destination. Criminals also use lookalike domain names, shortened links, compromised legitimate sites, and spoofed sender names. |
|
The visible link text may not match the real destination. Criminals also use lookalike domain names, shortened links, compromised legitimate sites and spoofed sender names. |
|
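Review bot: the serial comma is removed in this section ("malware download or form", "scripts or links", "compromised legitimate sites and spoofed sender names") and in the Impersonation list, but unchanged sentences still use it ("a refund is available, or suspicious activity has been detected"; "keeping software updated, and reporting suspicious messages"). Pick one convention and apply it to the whole article in the same edit.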
== Reporting in the UK == |
== Reporting in the UK == |
Suspicious emails can be forwarded to the National Cyber Security Centre's Suspicious Email Reporting Service at report@phishing.gov.uk. Suspicious text messages can usually be forwarded to 7726, the free spam-reporting service used by mobile providers. |
Suspicious emails can be forwarded to the National Cyber Security Centre's Suspicious Email Reporting Service at report@phishing.gov.uk. Suspicious text messages can usually be forwarded to 7726, the free spam-reporting service used by mobile providers. |
If money has been lost, account access has been stolen, or a person has been hacked, GOV.UK directs people in England and Wales to Report Fraud. In Scotland, reports should be made to Police Scotland. |
If money has been lost, account access has been stolen, or a person has been hacked, GOV.UK directs people in England and Wales to Report Fraud. In Scotland, reports should be made to Police Scotland. |
== Practical Examples == |
== Practical Examples == |
=== Fake Bank Login === |
=== Fake Bank Login === |
An email claims that a bank account will be suspended unless the user logs in. The link opens a copied bank page controlled by criminals. |
An email claims that a bank account will be suspended unless the user logs in. The link opens a copied bank page controlled by criminals. |
=== Parcel Fee Scam === |
=== Parcel Fee Scam === |
A text message says a parcel is waiting and asks for a small delivery fee. The payment page collects card details. |
A text message says a parcel is waiting and asks for a small delivery fee. The payment page collects card details. |
=== Business Invoice Attack === |
=== Business Invoice Attack === |
An attacker sends an email pretending to be a supplier and changes bank details on an invoice. This overlaps with business email compromise. |
An attacker sends an email pretending to be a supplier and changes bank details on an invoice. This overlaps with business email compromise. |
== Prevention == |
== Prevention == |
Useful habits include checking the sender and domain carefully, avoiding links in unexpected messages, using bookmarks or typed addresses for important services, enabling multi-factor authentication, keeping software updated, and reporting suspicious messages. |
Useful habits include checking the sender and domain carefully, avoiding links in unexpected messages, using bookmarks or typed addresses for important services, enabling multi-factor authentication, keeping software updated, and reporting suspicious messages. |
== See Also == |
== See Also == |
* [[Spam]] |
* [[Spam]] |
* [[Technical Support Scam]] |
|
* [[Scamming Techniques]] |
|
* [[Advance Fee Fraud]] |
|
* [[Technical_Support_Scam]] |
|
* [[Scamming_Techniques]] |
|
* [[Advance_Fee_Fraud]] |
|
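Review bot: the three new See Also targets use underscores ([[Technical_Support_Scam]] and the two below it) while [[Spam]] and the rest of the page use plain words, so the visible link labels now show underscores. Keep the spaced form, or use a piped link such as [[Technical_Support_Scam|Technical Support Scam]] if the underscore target is required.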
== References == |
== References == |
* [https://www.ncsc.gov.uk/collection/phishing-scams National Cyber Security Centre: Phishing scams] |
* [https://www.ncsc.gov.uk/collection/phishing-scams National Cyber Security Centre: Phishing scams] |
* [https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email National Cyber Security Centre: Report a scam email] |
* [https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email National Cyber Security Centre: Report a scam email] |
* [https://www.gov.uk/report-suspicious-emails-websites-phishing GOV.UK: Avoid and report internet scams and phishing] |
* [https://www.gov.uk/report-suspicious-emails-websites-phishing GOV.UK: Avoid and report internet scams and phishing] |
* [https://www.askthe.police.uk/faq/?id=ea404fa3-420e-f011-998a-6045bdcf9c56 Ask the Police: suspicious, phishing or scam email advice] |
|
* [https://www.reportfraud.police.uk/ Report Fraud] |
* [https://www.reportfraud.police.uk/ Report Fraud] |
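Review bot: the Ask the Police reference is dropped with no replacement, and nothing in the diff says why. If the link was dead or off-topic, say so in the edit summary; otherwise keep it, since the page has no inline citations and the References list is the only sourcing shown for the reporting advice.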
[[Category:Fraud]] |
[[Category:Fraud]] |
[[Category:Cyber security]] |
[[Category:Cyber security]] |