You’ve just won a million bucks in a lottery in Zimbabwe. All you have to do is click on a link and provide the information needed for “verification,” or so the email sender says.

Nobody would fall for that trick, you tell yourself. But then some of these fraudsters have upgraded their skills. They learned to be subtler and more elaborate with their schemes. The email address seems legitimate, the links to the web pages have a professional look, and the grammar is perfect.

And you fall for it. No wonder phishing continues to be a menace today.

Phishing is a method used by cyber criminals to obtain confidential information by impersonating a legitimate or reputable company via fraudulent emails, text messages, or social media accounts. The information is then used to commit identity theft or fraud, which can lead to other forms of cyber threats such as malware, ransomware, and denial-of-service attacks.

For Ramon Jocson, executive vice-president and head of Enterprise Services of Bank of the Philippine Islands, being able to prevent phishers from getting your or a customer’s personal information is the best way to deal with phishing.

“Online security is a shared responsibility between the individual, customer, or client and the business or organization. Everyone involved in the security of an account or personal information should be perceptively wary and vigilant. A lapse in caution compromises all involved,” said Jocson.

He shares some simple guidelines on how to protect yourself from phishing:

  • Be wary of messages asking for confidential information.
  • Think twice before clicking links in emails that direct you to a website. Such links can lead to malicious websites that can cause your PC or mobile phone to be infected.
  • Hover your mouse pointer over the link to see a copy of the URL. The hyperlinked URL will be shown in the status bar at the bottom of your email. If it does not match the URL you intend to visit, it is most likely a fake website.
  • Do not share your personal information such as username, password, email address, and credit card details (like the 3-digit security code and expiry date) with anybody.
  • Familiarize yourself with a website’s privacy policy so you will know how the information you share on that website will be used.
  • Verify site security. A secure website’s address begins with https: and has a lock icon on the page, which means that it uses the SSL protocol.
  • If possible, check your accounts and change your passwords regularly. Update the apps on your mobile phone as well, because these updates include bug fixes and new security features that prevent criminals from exploiting the app’s flaws.
  • Contact and report to the company that has been “spoofed” in the phishing scam.

“Securing personal information and minimizing fraud are not the sole responsibility of IT experts. A cyber security strategy should entail a comprehensive approach that involves everyone,” Jocson added.