Phishing scams refer to scams that are in email form that appear to come from legitimate sources (your Internet provider, your bank, etc.). These messages will typically direct the user to visit a website where they will then be prompted to input/update personal data such as a password, social security or bank account numbers, credit card, or other private information. From this the cybercriminals can use the information to commit identity theft and steal money.
Generally these messages claim that you are receiving the message due to fraudulent activity and are being asked to click a link to verify your information. A single click can be the difference between maintaining data security and suffering massive financial losses.
These messages can often times look genuine including logos and other identifying information taken directly from that company’s website. Even the links inside the email make it appear that you are going to go to that companies website.
One website states that, “from October 2013 through February 2016, US law enforcement received reports from 17,642 victim of phishing attacks. This amounted to more than $2.3 billion in losses.”
So, what do we do with this information?
Here are some tips to quickly spot the red flags of phishing emails.
1. Poor spelling and grammar
While occasional typos happen to even the best of us, cybercriminals are not known for their grammar and spelling. An email filled with errors is a clear warning sign. Most professional companies and organizations have a staff of editors and put their messages through multiple review stages making sure that language and grammar are refined and ready for mass marketing. Therefore, errors throughout the entire message are a good indicator that the message was not reviewed or cared for to a professional level meaning it is likely fraudulent.
2. An offer too good to be true
We all love free stuff. Who wouldn’t want to win a large sum of money or a car or something similar? When an offer comes out of nowhere and with no catch? There’s definitely cause for concern. Always investigate the origins of a claim like that and take care not to click on anything in the email without further digging.
3. Random sender who knows too much
Phishing has advanced in recent years to include ‘spear phishing’, which is an email or offer designed specifically for you from a business or “friend.” The spear phisher thrives on familiarity and takes details from your public channels to use it against you. Because this is often times from someone we know or a company we know well, we are less vigilant and are quick to click links or hand over the information. Always be hesitant when this kind of personal information is being requested.
4. The URL or email address is not quite right
Beware of links in an email. If you see a link in an email that looks suspicious, don’t click on it. One of the most effective techniques used in phishing emails is to use a URL that looks almost legit. For example, the website could look like it is in fact from your bank, but when you hover your mouse over it (do NOT click) there will be a review of where that link is going to take you. If it doesn’t look right or is completely different from the link text, mark that message as spam because it most likely is.
5. It asks for personal, financial or business details
Legitimate companies will NOT ask for personal or financial information in an email. If you feel like the email might be real, the best thing to do is call the provider that is asking for the information to see if they sent the email (and call the number you know, not a number that is listed in the email).
Unfortunately there are greedy people out there that prey on those who are uneducated or not diligent about protecting their identity. It can happen to the best of us, which is why it is important to be mindful and to stay up to date on anti-virus software and educating yourself on the different methods used.
Remember, when in doubt, don’t click.