The drinks are flowing.
You're watching your friend passionately (and terribly) sing Cher's Gypsies, Tramps and Thieves on the karaoke machine (cue the second hand embarrassment).
Suddenly your phone vibrates.
The disappointment that it's not a text from that special someone is quickly replaced by concern:
It's an email from PayPal, there's been some suspicious activity and you need to login to reactivate your account!
This is where that fatal mistake is easy to make. You're one-eye-closed squint reading this email and decide you need to login and solve this right now, missing the alarm bells which would be so obvious from your laptop in a quiet office.
You open the link, and type your login details into the legit looking PayPal website...
Another victim to a common but easy to avoid scam!
So what are phishing emails, and how can we learn to spot and avoid them?
Phishing is like lowering a hook with a little plastic worm on it into your inbox.
Except the little plastic worm is a legitimate-looking email designed to lead you to an equally legitimate-looking website where you input your login details.
Once input, the phishermen will have access to your account, and can steal your information or money.
Don't become the catch of the day!
The Warning Signs: Subtle but Noticeable
Check which domain the email came from. Phishing emails are sneaky and use a slightly altered domain name (@paypaI.com... that's a capital i on the end) or a legit looking address with a fake domain name (firstname.lastname@example.org).
Spelling and grammar tends to be a bit off, and it is even thought this can be intentional to target less cautious users. In the example above, there is a missed space (Recentactivity), and the word Confirm is randomly capitalized in the second paragraph.
Have a look at any links WITHOUT CLICKING ON THEM by hovering over with your mouse and seeing the URL which appears at the bottom of the screen. If it seems suspicious, do not click on it. If you do end up opening a link from an email, you should always check the URL at the top in the address bar before logging in, as this is a dead giveaway.
Finally, if you do end up falling victim to a phishing attack, don't despair. Immediately visit the website for which your details were stolen by typing the address or googling it yourself.
Change your password... and probably all your other passwords too.
Stay safe out there!