Phishing scams can be very convincing and hard to spot. They can take many forms, but they always have the same goal – tricking you into giving away your personal information, including passwords and credit card details. However, if you learn how they work, you’ll be much less likely to be fooled by them.
What is Phishing?
Phishing is a criminal attempt to get sensitive information from unsuspecting victims by using fraudulent emails and websites that look legitimate. These criminals are commonly called Threat Actors.
Threat Actors create sites and send emails that appear to be from reputable companies like banks and credit card companies. They often mimic a bank or a credit card company’s logo, colour scheme, and even their exact wording, asking you to “update your information.” In addition, these sites often request your username and password, which are used to access your online bank or credit card account.
Wrong Name or Email Address
The first thing to look out for is the wrong name or email address. Often, these scams will use an email address which looks like it’s from someone you know. However, the scammer will usually slightly change a letter in the name or email address. To avoid being fooled by this small trick, carefully check the sender’s address and make sure it matches what you would expect to see from them.
If you are unsure whether the communication is legitimate, contact the sender directly through another form of communication. For example, if a purported company sends you an email, contact the company’s customer service line directly for more information about your account status. Always find the contact details yourself by searching the internet, and never use the contact details within the email.
Spelling and Punctuation Errors
If you notice a message containing misspelt words, it’s potentially a scam. Also, note capitalisation errors in an email’s writing or subject line, as this is a clear sign of a phishing scam.
Some scammers will throw in random commas and periods to make their emails look more legitimate, but such poorly executed tactics can be a red flag that the sender is trying to deceive you.
While many legitimate emails use a casual voice, it’s essential to be wary of emails or messages with poor grammar. Official communications from large companies will have very few mistakes in the text. However, misspellings, improper use of capitalisation, missing words, and typos are all red flags that can help you identify phishing attempts.
If you aren’t sure if an email is legitimate, check the email address and make sure it matches the company’s website. For example, search for “Microsoft Support” and make sure that the support email address is similar to what you see on their website. If it doesn’t match up, contact Microsoft directly using their customer support number (which should always be available on their website) to verify the communication is genuine before clicking any links within it.
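The sender check described under “Wrong Name or Email Address” and repeated above can be automated. The following Python code is an added example, not part of the original article; the trusted-domain list, the character-swap table and the distance threshold are assumptions chosen for illustration.

```python
import email.utils

# Assumption: constructed allow-list of domains this mailbox really deals with.
TRUSTED = {"microsoft.com", "examplebank.com"}
# Assumption: a small table of digit-for-letter swaps seen in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def fold(domain):
    """Collapse common visual tricks so 'micr0soft' and 'rnicrosoft' compare equal."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Return the lower-cased domain of a From header, ignoring the display name."""
    addr = email.utils.parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        # Compare only as many trailing labels as the trusted name has, so
        # 'mail.micros0ft.com' is judged on 'micros0ft.com'.
        tail = ".".join(domain.split(".")[-(good.count(".") + 1):])
        if fold(tail) == fold(good) or edit_distance(tail, good) <= max_distance:
            return "lookalike"
    return "unknown"
```

A “lookalike” result means the domain is within a couple of characters of a trusted one without being it, which is the changed-letter trick described above; “unknown” only means the domain resembles nothing on the list and still needs checking by other means.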
Official Looking Emails (which are actually Phishing)
If you receive an email that looks like it’s from a government agency or other official sender, don’t let your curiosity get the better of you. An email that looks like it was sent from a large company is generally not what it seems – especially if it contains language about owing money.
Genuine emails from legitimate companies always include your name and contact information within the body of the message. Many of them will have a unique customer identity code, too. If you receive anything that doesn’t have this crucial information, trash it immediately.
Requesting Sensitive Information
The most common phishing scam is getting you to enter personal information, often financial account information. For example, a fraudulent message may state that your account is compromised and you need to re-enter your login credentials. Or it could claim there is suspicious activity on your account and ask you to verify the information.
These scams usually include a link or phone number where you can supposedly address the issue. Do not click on any links in these emails or give personal information over email – it’s never okay to send your password, personal information, or bank account details in an email, even if it looks like it’s coming from a trusted source. Threat Actors can spoof emails that appear to be coming from a legitimate source, making the email look real.
Offering Something Too Good to be True
If someone promises something for free and asks for your personal information in return, it’s probably a scam. Legitimate companies don’t give away things for free; they want your money! Delete the email without clicking on any links in it.
Here are some offers that scammers use most often:
- To reduce your debt or pay off your bills in full.
- To give you money due to an unknown windfall owed to you.
- To pay off all or part of your debt on credit cards or other loans.
- To provide you with a loan with no credit check, often with low interest rates and fees.
Threatening Action if You Fail to Act Now
This sense of urgency tactic within phishing scams encourages an emotional response. If you feel threatened or worried that something terrible might happen if you don’t act immediately, you’re more likely to click on a link or open an attachment. Scammers often use threats like “Your account will be deleted if you don’t update your password” or “You will be arrested.” As soon as you read content like this, treat it as highly suspicious.
Including Links and Attachments with Malicious Software (Malware)
Always be wary of links, attachments, or fillable forms in emails you weren’t expecting to receive. Even if the email looks legitimate, you can never be too careful. Malware can be devastating for your computer and financial security. For example, it allows hackers access to your online bank account, where they can steal money or make unauthorised transactions using your identity. It can also collect private information about you, including passwords, birth dates, and addresses.
The best way to protect yourself from malware is by installing security software on all devices connected to the internet (including mobile phones) and keeping it updated so hackers can’t get through.
Sending a Copy of an Old Email or Incomplete Information
If the email you receive looks like a copy of an old one, or if it’s missing certain information, such as a sign-off, it could be fake. For example, the intruder may have hacked into the original sender’s account and sent you an email using their credentials. Therefore, you should always check who the email is from before responding to anything.
If you receive an email from someone that seems out of character for them, it can be a sign that their account is compromised and they haven’t sent you the email.
Phishing, In Conclusion
The next time you receive an email from an unfamiliar address, be aware of any or all of the above warning signs and act accordingly. If you’re in doubt, delete the suspicious message immediately. If you have clicked on a link within an email, run a virus scan to check for any malware infections. Finally, report the incident to the impersonated company to prevent others from falling prey to the same phishing attempt.
There are more general ways to protect yourself online, which extend further than just phishing attacks. Read our How To Keep Safe Online and Phishing, Smishing and Vishing Scam articles to further increase your chances of staying safe.