What is phishing? How to protect your personal information online

No, we haven't spelt it wrong. If you haven't heard of phishing, you'd better catch up quickly. Here's how to avoid being tricked into giving out personal data online and having your identity stolen.

A young person is walking down the street wearing a black puffer jacket. He is thinking about court procedure in the UK

Protecting your identity online

It’s important to keep all your personal details safe, not just your credit card or bank numbers. Name, address and date of birth, or facts such as your mother’s maiden name or place of birth – often used as security questions – can be worth as much to a fraudster as the pin number for your cash card. So be wary when you put this sensitive information online for everyone to see on Instagram, for example. Setting your profile to private is a quick and easy way to limit who sees what you post. We’ve got some more tips on how to stay safe online here.

They can be used to open bank accounts, take out loans, obtain or forge copies of passports, national insurance cards, or other official documents. But fraudsters could also use them to bluff their way into your accounts by contacting the bank or company involved and posing as you.

What is phishing?

Phishing is one technique fraudsters use to fool you into handing over your details by impersonating a legit organisation you might be a member of – a bank, PayPal, eBay or webmail account, for example.

What does phishing mean?

Phishing means being sent emails and text messages that ask you to click a link and use your login credentials on their website in order to ‘re-establish your account’, ‘claim a rebate’, ‘confirm your phone number’, or other vaguely plausible reasons, all so they can gain access to your sensitive data. 

However, while playing on fears of security lapses, the link or address provided will be fake and cleverly designed to imitate the real thing. Any username, password, bank account number, or other details you put into the website go straight to the scammers, who could steal your money or sell your account details to other criminals.

How can I protect myself from phishing?

Emails asking for your credit card number, bank details, passwords or anything else important are almost certainly scams. Banks and companies like PayPal, eBay or Hotmail will never ask for your username or password. Just delete the email, or if you are in any doubt, contact the company concerned to verify they actually sent it to your email address. Just don’t contact them via any links included in the email as these are likely to be fake.

Don’t click on a link in an email – it will not lead to the website it appears to. A malicious link might appear to read http://www.hotmail.com even while the HTML code underneath points to http://www.dodgy-scam-site.cn, for example. If you want to check anything, ignore the email and simply visit the site in your browser by typing or Googling the site’s name instead.

When buying anything online, only give credit card details when using a secure, encrypted connection, shown with https:// rather than http:// in your browser’s address bar. No reputable online seller would ever use a non-encrypted connection.

Get more tips for how to shop safely online here.

How to check dodgy links

Hover your mouse pointer over the link and the web address it leads to will be displayed in the status bar of your browser or email reader. Alternatively, you can see the actual destination address in the HTML by using the ‘view source’ function.

Sometimes the links might look ok at first glance, but looking closer and you might see, for example the site has ebay spelt wrong, or an extra word added to the URL. Often scammers will try to make the link look as legitimate as possible.

Other common online scams

A similar con trick are those emails claiming to be from an African ex-president’s widow offering $25 million in exchange for a small ‘administration fee’, or similar tall stories. There is no widow, no money – but the money you will lose if you pay up or give them any account details is real. As ever, if it sounds too good to be true – it is!

What other protection is there?

There is software available that can warn you of known scams, fake websites or dodgy links, for example Earthlink Scamblocker. Some popular antivirus programs also protect from phishing scams, such as AVG. All these are free.

Use a credit card whenever possible, as payments over £100 are insured by the card issuer. Keep an eye on your accounts, especially bank and credit card statements which can alert you to any unusual activity.

What should I do if I have my financial details stolen?

If you find your credit or debit card number or bank details have been stolen, contact the issuer as soon as possible to cancel the card, or freeze the account using the 24-hour hotline or phone banking service. It’s worth keeping the number in your phone or wallet in case it’s needed quickly. If something on your statement looks suspect, contact your bank or card issuer via the contact details on their website to query each charge.

What should I do if my eBay account is hijacked?

There is a page at eBay’s site to report this, and also an online fraud report hotline.

What shall I do if my identity is stolen?

If you become the victim of a phishing campaign and your personal details are used to imitate you, buy goods or services, or to create false documents such as a passport or driving licence, you will need to contact the issuing body, such as the Identity and Passport Service or DVLA, immediately.

Take a look at the rest of our tips for personal safety here.

Next Steps

By Mike Parker

Updated on 16-Dec-2022