There are “phishing emails” doing the rounds. They usually have “Important” followed by a reasonable looking title and if you open them there is a button inviting you to click.

Please don’t!

An example of a phishing email with an inviting blue button

If you do click you will be asked to provide your email address and password.

Please don’t!

If you did fill these details in then the “person” or computer that receives the information can login to your account and use your email and contacts list to send further phishing emails to other people. They also sell lists of email addresses and passwords to other people.

So, please don’t give your details away and if you suspect you have done or your friends are getting these phishing emails from you, change your password. It is also worth doing a virus or malware scan if you use a PC and notifying the person who you received the original email from so that they can take action as well.

Here are five tips to help you avoid phishing:

1. Fake URL (the web address of a link)
   The URL in a phishing message in an email may seen perfectly legitimate, however, if you hover your mouse pointer over the URL without clicking it (or on a iPad hold your finger down on the link for several seconds) you can see the address of the link. If the URL address in your email is different from the address hyperlinked, this is will be a phishing email. Here is an example of a URL that is pretending to be something else – try it out – it is safe in this case!
   Click here to visit our school website http://allertonceprimary.com
2. Domain name
   In phishing emails you may find that the sender has used a different domain names from the legitimate source. When you look at the last part of a domain name, you can see the domain is different from the original. For instance, while the web address for our school website http://allertonceprimary.com, a phishing email might provide a link to http://allerertonceprimary.myhacksite,com
3. Poor spelling and grammar
   An email with poor grammar or spelling mistakes will probably be a phishing email. Emails from school or banks or other organisations usually have much higher standards and hopefully have few spelling or grammar mistakes!
4. Personal information
   An official institution never asks for your password, credit card number or the answer to a security question via an email. Beware of such messages.
5. Beware of the message content
   If you get an email telling you that you have won a lottery when you haven’t bought a ticket, or offering you a free gift and all you you have to do is provide your password or other access information then is probably a phishing email. Read the content carefully and think!

To stay safe never share your credentials such as passwords and sensitive information like bank account numbers etc.

If you would like to know more about phishing and how to stay safe here are some useful links:

• A useful article on how to recognise and avoid phishing
• Phishing.org – “a resource for IT professionals to keep you up to date on the latest phishing threats as well as a way to help better educate your users to make smarter security decisions when it comes to phishing”