Phishing Scams (part 1)

Phishing scams explained and how to avoid them

We recently wrote a blog on looking out for and avoiding fraud and scams during the coronavirus lockdown and beyond, and how it’s important that you remain vigilant and guard against criminals using publicity around coronavirus as a chance to target you – click here if you didn’t see it.

Unfortunately, these aren’t the only ways that criminals are targeting us. The internet can be an amazing place, but it can also make it very easy for fraudsters to create incredibly convincing scams.

In this blog and the next one, we take a look behind the scenes so you can see how fraudsters run their scams and learn how to spot their tricks. We will explain how phishing scams work and how fraudsters design websites that look so convincing that they actually manage to take people’s money.

Phishing scams

A common scam that many of us have come across is a text message that says that the HMRC (HM Revenue & Customs) owes us money. The message asks us to click on a link so that we can receive what we are owed. The link isn’t the HMRC’s official website that you would normally go to, but it does have HMRC in it and looks legit – you pay tax so it must be real – right? No! Never click on the link (or on any link you are unsure of), because once you have clicked and filled out your details, a bit later on some unexpected spending will happen on your account and you will have been scammed!

 

This type of scam is called Phishing.

Fraudsters can make it very difficult to spot if a text message is real or fake as they make it look like it’s from whoever they are pretending to be. They can also add words or websites you’re familiar with to make them look legit.

So how do the scammers get such convincing links?

The most important part of a link is the “root domain” – e.g. tax-refunds.org. It could also end in ‘.com’, ‘.co.uk’ or ‘.net’, plus many others. Some endings can only be used by specific people, like the UK government, who use ‘.gov.uk’. Most domains are available for anyone to buy if someone else doesn’t own them, and once fraudsters buy a domain they can make it look credible and add as many subdomains and paths as they like.

Here are some examples of how links can be changed:

 

Link | Root domain | Real or fake?
gov.uk/claim-tax-refund | gov.uk | ✅
gov.uk.claim-tax-refund.com | claim-tax-refund.com | ⛔️
gov-uk.tax/claim-tax-refund | gov-uk.tax | ⛔️
taxreturn.com/gov.uk/claim-tax-refund | taxreturn.com | ⛔️
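
For readers who want to see the check spelled out, here is an added example (not part of the original blog) that works out the root domain of each link in the table and tests whether it really belongs to gov.uk. The short list of endings and the function names are assumptions made up for this example.

```python
from urllib.parse import urlsplit

# Constructed, deliberately short list of domain endings, enough for the links
# in the table. A real checker would load the full Public Suffix List.
# "gov.uk" is left out on purpose so it is reported as a root domain, as above.
ENDINGS = {"com", "org", "net", "tax", "uk", "co.uk"}

OFFICIAL_ROOT = "gov.uk"  # assumption: the only root we accept for tax links


def host_of(link: str) -> str:
    """Lower-cased host name of a link, with or without 'https://' in front."""
    if "://" not in link:
        link = "//" + link  # makes urlsplit read the first part as the host
    return (urlsplit(link).hostname or "").rstrip(".")


def root_domain(link: str) -> str:
    """Longest known ending plus the one label to its left."""
    labels = host_of(link).split(".")
    for i in range(len(labels)):  # i = 0 tries the longest candidate first
        if ".".join(labels[i:]) in ENDINGS:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)


def is_official(link: str) -> bool:
    """True only when the host is the official root or a subdomain of it.
    Host names are read right to left, so text in front of another root
    (gov.uk.claim-tax-refund.com) or in the path does not count."""
    host = host_of(link)
    return host == OFFICIAL_ROOT or host.endswith("." + OFFICIAL_ROOT)


if __name__ == "__main__":
    for link in [  # the four links from the table
        "gov.uk/claim-tax-refund",
        "gov.uk.claim-tax-refund.com",
        "gov-uk.tax/claim-tax-refund",
        "taxreturn.com/gov.uk/claim-tax-refund",
    ]:
        verdict = "real" if is_official(link) else "fake"
        print(f"{link:40} {root_domain(link):22} {verdict}")
```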

 

Spotting whether a link is real or fake can be very tricky. Just because a link includes words or websites you are familiar with doesn’t mean that it is real. So please be extra careful and vigilant when you receive this type of text. Next time, we will look at how to spot a fake website.
