Phishing - trying to steal your identity

What is phishing?

Phishing is described as the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

From time to time you may recieve emails that look like they are from Sure or other leading companies but they are in fact a scam to try and get you to give them some sensitive information about you or your account.

It's slightly different from spam because they want you to enter your details via a link and from there they will have access to all sorts of private information about you.  

How to avoid getting caught in a phishing net

Always be suspicious. Phishing emails try to scare you with warnings of stolen information or worse, and then offer an easy fix if you just "click here." (Or the opposite: "You've won a prize! Click here to claim it!") When in doubt, don't click. Instead, open your browser, go to the company's website, then sign in normally to see if there are any signs of strange activity. If you're concerned, change your password.

Check for bad spelling and grammar.  We have seen messages riddled with spelling mistakes and bad grammar. If you're looking at something that contains these, it's almost certainly a fake.

Keep your security software updated.  An accidental click of a phishing link doesn't have to spell disaster. There are free browser add-ons that will warn you if the site you're about to visit is suspected of malicious activity. Search online for one that suits you. 

Use your phone. If you're checking email on your phone, it might actually be harder to spot a phishing attempt. You can't "mouse over" a questionable link, and the smaller screen makes you less likely to spot obvious gaffes.  Even on a mobile it's still good to exercise caution when dealing with suspicious links.

Obviously you still shouldn't complete a form that asks for your password or other personal info.  

Most of all, rely on common sense. You can't win a contest you didn't enter. Your bank won't contact you using an email address you never registered. Microsoft did not "remotely detect a virus on your PC." Know the warning signs, think before you click, and never, ever give out your password or financial info unless you're properly signed into your account.

Some phishing mail impersonates our bill notification email and the login page it links to looks convincing too. But it does not show your account number or come from a recognisable email address.  If you ever receive a second bill by email from us, take care.  We only send them once and we show your account number on it.  Compare it to the one before if you are not sure or just ask us before you click on any links.

Be on the lookout for anything not on a Sure URL.

And if you do click a link accidently or enter a password, please change your password straight away. Make it memorable but long and complicated if you can. Back up your data and install anti-virus software such as Norton or McAfee, other brands are available. Nothing is 100% as hackers are getting more and more sophisticated so refer to the tips above at all times and take care.


Have more questions? Submit a request


Powered by Zendesk