Phishing, social engineering and online scams

Phishing - think before you click

Whatever you call it, phishing, social engineering or ‘hacking the mind’ always relies on human weaknesses to succeed.

Phishing or social engineering attacks are increasingly being used by cyber criminals to trick internet users into revealing sensitive information – website login details, bank account or credit card details or personal data that forms part of your identity.

Phishing emails (note the ‘ph’) are designed to look official and may use an ‘urgent security alert’ or other reason for you to immediately visit a website to confirm your personal details.

Misspelt website addresses or URLs can be bought and set up to look similar to your bank’s website, with copied logos and login forms as the added touch that aims to convince you to enter your account login information.
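A check for the misspelt addresses described above, written as an added example that is not part of the original page: it pulls the links out of a message and flags hosts that are a near-miss spelling of a trusted site, or that bury the trusted name inside another domain. The trusted list, the sample message and every domain name in it are constructed assumptions using reserved test names.

```python
import re
from urllib.parse import urlsplit

# Assumption: the sites this reader really uses (constructed, reserved names).
TRUSTED = {"mybank.example"}

# Constructed sample message, not a real phishing email.
SAMPLE_EMAIL = """Urgent security alert! Confirm your details within 24 hours:
https://www.mybnak.example/login
or use https://mybank.example.verify-login.test/confirm
Our real site is https://www.mybank.example/ and news is at https://news.test/
"""

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def hostname(url):
    """Lower-cased host of a URL with any leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(url, trusted=TRUSTED, max_dist=2):
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's host."""
    host = hostname(url)
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "trusted"
    for good in trusted:
        # Trusted name buried inside another domain, or a near-miss spelling.
        if good in host or edit_distance(host, good) <= max_dist:
            return "lookalike"
    return "unknown"

def suspicious_links(text):
    """Extract http(s) links from a message and keep the lookalike ones."""
    urls = [u.rstrip(".,)") for u in re.findall(r"https?://[^\s\"'<>]+", text)]
    return [u for u in urls if classify(u) == "lookalike"]

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_EMAIL):
        print("lookalike:", link)
```

An 'unknown' verdict only means the host does not resemble anything on the trusted list; it says nothing about whether the site is safe.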

Beware the friend in need

A friend’s hacked email address can now be used to send highly convincing – but fake – appeals for emergency help, or to direct you to ‘interesting’ video or photo content, perhaps involving a celebrity sex scandal.

Click the link in the email though and you may end up on a website designed to infect your computer if you haven’t fully patched the operating system and all software on it, particularly Java and Adobe Flash.

Even social networks have been affected by spam or malware links added via rogue apps or compromised accounts.

The Big Prize Piranha – an ‘advance fee fraud’ special often received via email or txt.

So long and thanks for all the phish

Not sure what to look out for? Check out the NZ Phishing Species, a series of imaginary ‘phish’ designed by cartoonist Chris Slane to illustrate all manner of online scams and social engineering angles you may encounter online.

How to avoid getting phished

  • Learn about the various phishing species that try to hook you and reel you in
  • Be careful when you receive emails requesting urgent account verification
  • Don’t download and open unexpected attachments
  • Curiosity killed the cat – avoid clicking on video or photo links posted on your newsfeed
  • Don’t respond, download files or click on links to websites you’re suspicious of
  • Carefully investigate any online offers that appear to be too good to be true
  • Check to see if your anti-virus software comes bundled with anti-phishing tools or consider installing the crowdsourced browser plug-in Web of Trust (WOT).

More information: