Hackers use phishing as it is the easiest way to obtain sensitive information. Without phishing, a lot of work and effort is required to compromise a person’s data.

E-mail is normally hacked in the following ways:

• Brute force i.e. a hacker uses software to guess the password.
• Social engineering
• Key loggers
• Fake web pages/login pages

This is not an exhaustive list but these are the most common ways that e-mail is hacked.

The difference between phishing and spam is that phishing aims to obtain information from you whereas spam typically gives you unwanted information.

When you get phished, you’re likely to have either your personal information stolen and used against you (such as to steal your money) or your data and files on your laptop will be locked up (i.e. encrypted).

If someone has phished you and encrypted your data, they will likely ask for a ransom to be paid in order to unlock it. The software used is known as ransomware.

The following are signs that someone is phishing:

• The e-mail address/domain name doesn’t match the company they claim to represent
• The message sent to you contains spelling mistakes or poor use of language
• You are being asked to take action and enter personal details
• The message asks you to click a link or download a file
• The message you have received has come out of the blue
• You receive a message from a company that you have no history dealing with

This is not an exhaustive list so, if you are unsure, ask somebody else to check the information you have been sent. A simple way of checking is to contact the company using details you find on their official website and asking them about the message you have received.

There is no one way to avoid phishing but there are ways you can avoid being a victim of phishing.

General advice is to double check information sent to you such as whether the source is legitimate or assess what you are being asked to do. If you are being asked to enter personal information, always contact the individual or company asking for it using official contact details. This can include the number on the website or by asking them in person.

The following are signs that someone is phishing:

• The e-mail address/domain name doesn’t match the company they claim to represent
• The message sent to you contains spelling mistakes or poor use of language
• You are being asked to take action and enter personal details
• The message asks you to click a link or download a file
• The message you have received has come out of the blue
• You receive a message from a company that you have no history dealing with

This is not an exhaustive list so, if you are unsure, ask somebody else to check the information you have been sent. A simple way of checking is to contact the company using details you find on their official website and asking them about the message you have received.

The most common example of phishing is an e-mail or text message which tells the user that there is a security issue with one of their online accounts.

If the user clicks a link it will take them to an unsecure platform and ask for personal details to be entered. If the user downloads a file, the file will probably contain malware which infect the device.

Phishing is the act of convincing someone to interact with malware or unsecure portals using a message which appears legitimate.

An example of phishing is when you receive a message, such as a security alert, asking you to take action either by clicking a link or downloading and opening a file.

The link or file will contain malware that is activated by the user interacting with it.