Phishing emails and hoax websites ask you to click on links, contact them, or open attachments to update your account information, confirm your password or confirm a purchase you haven’t made. When you follow the links, the sites are unsecured, letting the fraudsters collect your login details and/or financial information.
Phishing scams almost always imitate well-known companies and include company logos, official-looking email templates, or phone call scripts similar to genuine company communications. There are some things to look for that can help you tell the difference.
Look for these signs when you receive an email you weren’t expecting. Is the greeting generic or missing? Our emails always include your full name exactly as shown in your account. Are there attachments? Do the links look genuine? Hover over them before clicking to check. Is the design or logo out of date? Does the email demand you act immediately? Are there spelling or grammatical errors?If you answer “yes” to any of the above, the email may not be legitimate.
Whenever you land on a website from a link, check for these signs to make sure you’re safe. Is the S (for “secure”) missing from the “https” at the start of the web address? Is the padlock in your browser’s address bar missing? Is the design or logo out of date? Are there spelling or grammatical errors? Does the website address look unusual?If you answer “yes” to any of the above, you might be on a hoax website.
Smishing or mishing is the SMS or text equivalent of a phishing email. It can even come through social media apps and sites. The message is usually urgent, asking you to call a number or click a link to cancel a transaction you don’t recognise or update your information.
Vishing is a voice call phishing attempt. It’s often a recorded message that tells you there’s an urgent problem or you have an overdue bill. They may even mention the police or government authorities. Don’t call them back, even if the caller ID says “PayPal” or another trusted company.
If you’ve received a phishing email or stumbled across a hoax website, even if you’re not sure, forward it to us at email@example.com and we’ll investigate it. Make sure you forward the email (don’t send it as an attachment) so valuable tracking information about the source stays intact. Once done, delete the email permanently from your inbox – never click any links.
1. Run an antivirus scan on your system to make sure you didn’t pick up any malware.
2. Change all your passwords, PINs, and security questions immediately.
3. Report it to the police, PayPal, your bank, and credit card providers.
4. Keep an eye on your online account statements for unusual activity.
Strong passwords and PINs keep your account safer.
Keep your computer and mobile device secure.
Watch out for scams and learn to protect yourself.
Gosafeonline is a website by the Cyber Security Awareness Alliance of the Singapore Government. It’s a great place to find the latest information about staying safe online and talking to children about internet safety. It also gives guidance for reporting online security incidents.