29 Aug Phishing 101 – What is it and how to deal with phishing
What to look for and what to do when you receive one
What is Phishing?
A phishing scam is an email that looks legitimate but is really an attempt to get your personal information and/or account credentials. Once scammers have that information they can log in to your accounts, change the credentials to lock you out, steal from you, or install malware on your system to capture more sensitive data. Either way, the intent is to do harm and steal from you.
Scammers also use a technique called spoofing to make an email appear to come from someone you know or from a legitimate company you do business with. They do this by making the “sender” address look similar to the real one, for example by adding, dropping or swapping a single character in the domain. Bear in mind that the “From” address can also be forged outright, because plain email does not verify who sent a message; only receiving mail systems that check SPF, DKIM and DMARC can reject such forgeries. An address that matches exactly is therefore not proof of authenticity on its own.
How to Spot a Phishing Email
It can be difficult to distinguish a fake email from a valid one; however, most fakes have subtle hints that help you decide whether they are a scam. When you receive an email that seems suspicious, ask yourself a few questions.
- Does the email ask for personal, sensitive information? A legitimate company would not request your sensitive information via email. Chances are, if you receive an unsolicited email that provides a link or attachment and asks you to provide sensitive information, it’s a scam. If an email asks for a password (other than a password reset link that you initiated), credit card information, credit scores, social security number or tax numbers, or gives you a link at which you need to log in, it’s most likely a scam: do not provide any personal, sensitive information, click any links or open any attachments.
- Does the email address you by name? Legitimate people and companies with whom you have a relationship would typically address the email to you by name. If the greeting is generic, such as “account holder” or “customer”, that’s a red flag. That being said, some scammers avoid a salutation altogether so as not to raise a red flag.
- Does the email sound too good to be true? Oftentimes scammers will send emails stating that you are due a refund, a credit or some other monetary benefit. These can look like they are coming from your bank, the IRS, a credit card company or a well known company like Amazon, PayPal, etc. Remember, their goal is to get you to click, open an attachment or reply so that they can gain access to steal from you. When something sounds too good to be true, it probably is.
- What email address is the email coming from? Legitimate companies send from their own domain (e.g. SOSSupport.net). It’s vitally important that you not only check the name of the person sending the email, but also their actual email address, which, if it is not displayed, you can view by hovering your mouse cursor over (or clicking) the “from” name. Ensure there are no alterations to the domain such as additional numbers or letters (for example SOSSupports.net, with an extra “s” at the end, instead of SOSSupport.net). Read the domain carefully from right to left: what matters is the part just before the final “.net” or “.com”, not whatever appears earlier in the address.
- Does the email have poor grammar and/or spelling errors? We all make mistakes and sometimes we will get a legitimate email from someone we know with an error or two, however generally speaking a legitimate company would ensure proper spelling and proper grammar. Oftentimes you can spot a scam simply by reading the email, recognizing bad writing and/or writing that doesn’t seem to fit the person/company it supposedly comes from. This is especially true if the email looks as if it is coming from someone you know, but what it says or asks for isn’t something you would expect from that individual.
- Is the body of the email an image with a hyperlink? This can be hard to tell sometimes because scammers are crafty and know how to make an email look authentic. Some phishing emails are coded as one or more images that link to a fake webpage, so that a click anywhere in the email (not just on a button) opens a bogus webpage or starts a download of malware onto your computer. Many email programs will not automatically download email images, to protect you, and you will see a message at the top of the email stating something similar to “click here to download pictures…”. This is a good way to know that the email contains an image, and if there are other red flags you should avoid clicking anywhere in the email. Remember, it only takes one click! If your email program doesn’t provide this feature, you can hover your mouse over the body of the email; if it is a hyperlinked image, a pop-up will show the URL the image links to. Check the domain in that URL the same way you check the sender’s address.
- Does the email display a logo? Scammers oftentimes make logos that look like they come from a legitimate company, but if you look closely the logo is slightly off. You can check by going to the actual website and comparing the logos.
- Is the email an urgent request? Oftentimes marketers send emails that sound urgent in order to persuade you to buy, for example “Buy Now”, “Upgrade Today”, “Your Membership/License is About to Expire”. These can be legitimate marketing emails, but you can verify them by asking yourself the questions above, looking for those red flags and contacting the person/company the email appears to come from, using contact details from their official website rather than from the email itself. Scammers also play on human psychology by urging you to immediate action, for example “Your account has been locked”, “Suspended account”, “A login attempt was made to your account”. If the email is pushing for an immediate action, that should be a red flag.
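The checks above (a lookalike sender domain as described under spoofing, a missing authentication result, a body that is just a hyperlinked image, link text that does not match its real target, urgency wording, requests for sensitive data and a generic greeting) can be run mechanically over a raw message. The script below is an added example, not code from the original post: it uses only the Python standard library, the allowlist `TRUSTED_DOMAINS`, the phrase lists and the two sample messages are constructed assumptions for illustration, and the “little visible text” threshold is a heuristic rather than a rule.

```python
"""Score a raw email against the phishing red-flag checklist (added example)."""
import difflib
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a small personal allowlist of domains the reader really deals with.
TRUSTED_DOMAINS = {"sossupport.net"}
URGENCY = ("account has been locked", "suspended", "login attempt", "immediately")
SENSITIVE = ("password", "social security", "credit card", "tax number")
GENERIC_GREETING = ("dear customer", "dear account holder", "dear user", "valued customer")


def registrable_domain(host):
    """Last two DNS labels, lower-cased (good enough for .com/.net, not for co.uk)."""
    parts = host.lower().strip().split(".")
    return ".".join(parts[-2:])


class _BodyScanner(HTMLParser):
    """Collect links, images nested inside links, and how much text is visible."""
    def __init__(self):
        super().__init__()
        self.links = []          # (href, visible anchor text)
        self.linked_images = 0   # <img> elements wrapped in an <a>
        self.visible_chars = 0
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._current = [a["href"], ""]
        elif tag == "img" and self._current is not None:
            self.linked_images += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None

    def handle_data(self, data):
        text = data.strip()
        self.visible_chars += len(text)
        if self._current is not None:
            self._current[1] += text


def red_flags(raw_message):
    """Return human-readable red flags found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    # Sender: the real address's domain, compared against the allowlist for near-misses.
    _name, addr = email.utils.parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    if sender_domain not in TRUSTED_DOMAINS:
        near = difflib.get_close_matches(sender_domain, TRUSTED_DOMAINS, n=1, cutoff=0.8)
        if near:
            flags.append(f"sender domain {sender_domain} is a lookalike of {near[0]}")
    # Even an exact match is not proof: From can be forged unless SPF/DKIM/DMARC passed.
    auth = (msg.get("Authentication-Results") or "").lower()
    if "dmarc=pass" not in auth:
        flags.append("no DMARC pass recorded for the sender domain")

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    lowered = body.lower()

    if body_part is not None and body_part.get_content_type() == "text/html":
        scanner = _BodyScanner()
        scanner.feed(body)
        # Heuristic: a linked image with little visible text is the "image body" pattern.
        if scanner.linked_images and scanner.visible_chars < 200:
            flags.append("body is essentially an image wrapped in a hyperlink")
        for href, text in scanner.links:
            host = urlparse(href).hostname
            if not host:
                continue  # mailto:, tel: and similar carry no host to check
            href_domain = registrable_domain(host)
            if href_domain not in TRUSTED_DOMAINS:
                flags.append(f"link points to untrusted domain {href_domain}")
                if any(t in text.lower() for t in TRUSTED_DOMAINS):
                    flags.append(f"link text {text!r} does not match its target {href_domain}")

    if any(p in lowered for p in URGENCY):
        flags.append("urgent call to action")
    if any(p in lowered for p in SENSITIVE):
        flags.append("asks for sensitive information")
    if any(g in lowered for g in GENERIC_GREETING):
        flags.append("generic greeting instead of your name")
    return flags


# Constructed sample: a lookalike domain, a hyperlinked image, mismatched link text.
PHISH = """\
From: SOS Support <billing@sossupports.net>
To: you@example.com
Subject: Your account has been locked
Content-Type: text/html; charset=utf-8

<html><body>
<a href="https://sossupports.net/verify"><img src="cid:notice" alt=""></a>
<p>Dear customer, your account has been locked. Confirm your password immediately:
<a href="https://sossupports.net/login">https://sossupport.net/login</a></p>
</body></html>
"""

# Constructed sample: plain text from the real domain with a DMARC pass recorded.
LEGIT = """\
From: SOS Support <help@sossupport.net>
To: you@example.com
Subject: Your August invoice
Authentication-Results: mx.example.com; spf=pass dkim=pass dmarc=pass header.from=sossupport.net
Content-Type: text/plain; charset=utf-8

Hi Jane, your August invoice is attached. Reply to this message if anything looks off.
"""

if __name__ == "__main__":
    for label, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, red_flags(sample))
```

The lookalike check relies on `difflib` similarity, which catches a single added or swapped letter but not a homoglyph such as a Cyrillic “о”; the DMARC flag deliberately fires on any message whose receiving server did not record a pass, since that is exactly the case where a matching address proves nothing.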
What to do if you think you received a Phishing email
- The most important thing to do if you believe you have received a phishing email is to NOT click on any links or anywhere in the body of the email (in case the email is coded as a hyperlinked image), NOT open any attachments and NOT reply to the email.
- If the email looks as if it is coming from a company that you have a relationship with, call them and verify whether the email is from them, using a phone number from their official website or a statement, never one given in the email. If it is not from them, oftentimes they will provide you with a way to report it as a scam.
- If the email looks as if it is coming from a person that you know, contact that person by another channel (a phone call or text message rather than a reply) to verify whether the email is from them.
- Once you’ve confirmed it is indeed a scam/phishing email, report it using your email program’s “report phishing” or “mark as spam” option so that the provider learns about it, then delete it.