9 ways to identify a phishing scam
Can you spot a phishing email?
If you fall victim to a phishing attack, you could end up with malware installed on your computer and your personal information being stolen.
Many cybercriminals still use phishing emails as their weapon of choice. They send email messages with convincing stories, luring you in to their nasty tricks. A phishing scam might ask you to open an attachment or click on a link. Then, before you know it, your privacy is under attack.
Being able to spot a phishing email is the best way to defend yourself against this type of cyberattack.
Here are nine tips on how to sniff out a phishing scam:
1. 'Dear member' and other such generic greetings
According to Cisco Systems, cyber con-artists who send phishing emails will send out masses of messages at a time - a typical phishing email might go to 1 million email address. The cyber-attacker will make their own job easier by starting the emails with generic greetings, such as 'Dear member' or 'Dear valued customer'. Some of them might use your email address as the greeting or something as simple as 'Hi there' or 'Hello'.
2. Requesting to update your details
Cybercriminals who are sending phishing emails are often seeking your personal information. They often masquerade as legitimate service providers, usually your bank or financial institution, and they ask you to verify or update your personal details, such as your password or credit card number.
If an email asks you for your personal details, it’s more than likely a scam. Always be cautious about providing such information via an email.
3. Asking you to act quickly
Phishing con-artists will try to get you to act quickly before you have a chance to think about the consequences. They will create a problem and try to convince you that it needs your urgent attention. For example, they might pretend to be a service provider, such as your electricity company, and they’ll tell you that your credit card on file has declined and you have 48 hours to update your details or your power will be cut.
4. They look like legitimate senders
Often a phishing email looks like the real thing because the email address in the ‘from’ field looks legitimate. Cybercriminals send their phishing scams from deceptive email addresses so you believe they are genuine. For example, they might send an email from the address ‘firstname.lastname@example.org’ rather than the real ‘email@example.com’. The differences can be so small, you have to pay close attention.
5. They include legitimate-looking URLs
Not only do phishing con-artists create fake email addresses, but they will create entire fake websites.
Often, a phishing email will include a link for you to follow. The text and links displayed in the email might be genuine names and URLs – but the trick is, the URL they are displaying might not be the URL you are taken to. For example, the email might display the link www.paypal.com, but when you hover your mouse over the link, it might reveal that the actual URL is leading you to a website in Africa. These deceptive links lead to fake websites that look real, but are really built to steal your personal details and install malware on your device or computer.
6. Dangerous attachments
Many types of computer files can contain malicious codes, including PDF files, Microsoft Word (DOC and DOCX) documents, and executable (EXE) files. If you open a document that has a malicious code, it might lead to malware being installed on your computer.
You have to be cautious when opening any document, especially if it’s something that you weren’t expecting. Legitimate companies generally won’t email files out of the blue. So, unless you specifically asked for a document to be emailed to you, be wary of attachments, whether they are from an individual you don’t know or an organisation you are familiar with.
7. Bad grammar and spelling
The cybercriminals who send out phishing emails are often from foreign countries. The emails may have lots of spelling mistakes and grammatical errors. Cybercriminals may even deliberately misspell words so their emails will get past spam filters. For example, they might say ‘Free V1agra’ instead of ‘Free Viagra’ to trick the filters.
8. Asking for donations
Digital con-artists have no compassion and the worst thing is they prey on people who do. They often send out phishing emails that claim to be raising funds. One well-known case happened after Hurricane Katrina. Phishing emails were sent out asking people to donate to the Red Cross relief effort. The emails included links that took victims to a number of websites that looked like real donation pages for the Red Cross. However, they were fake websites built by cybercriminals specifically to steal credit card numbers, PayPal passwords and other personal details from well-meaning donors. The American Red Cross reportedly uncovered over 15 of these scamming websites.
In another recent case, GoFundMe reported that it was watching more than 150 bogus GoFundMe sites claiming to raise funds for Orlando shooting victims.
9. Claiming you’ve won
They’ve fallen behind in popularity now, but sometimes phishing emails inform you that you’ve won a lottery or prize. These emails usually ask you to provide your personal information and pay a fee to process your winnings. If you receive an email that says you’ve won something that you didn’t enter, delete it – it’s a phishing scam.
Surety IT can give you further advice around phishing emails.
About the Author
Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.
Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.
Call us today on 1300 4 787 389 or email firstname.lastname@example.org to discuss your requirements.