By Emily Andrews
Imagine seeing an urgent email or text from your bank popping up on your phone, saying there’s a problem. The message states that your account is on hold due to some verification issues, and you need to send your details again or else.
There’s even an “Update Now” link on the email for your convenience. How nice of them. You click on the link, update your details, send, and BAM!
The scammers pwned you: hook, line, and sinker. Please don’t be a victim and read on.
What are phishing emails?
Criminals design phishing emails to look like legitimate correspondence from actual, reputable companies. Scammers create emails or text messages that look exactly like Netflix, PayPal, Amazon, or a bank sent them – complete with a logo and everything else. The purpose of phishing emails is to steal your identity, money, or both.
Criminals do it by collecting passwords, account numbers, and Social Security numbers. Once scammers have these details, they can gain access to your bank, email, and other accounts. Phishing emails also contain links to sites that look like the real thing but designed to capture credit card details and personal info. The worst offenders even distribute malware.
How to spot a phishing email.
Criminals often evolve and use different tactics, but the signs and parts of a phishing email remain consistent.
1. You get an email saying you won the lottery despite not playing.
This scam has been going on for years. Criminals send an email congratulating you on winning the lottery. Before you can claim the prize, though, you need to send money to pay for attorney’s fees and taxes. There’s a similar phishing scam about winning a raffle.
2. Phishing emails urge you to take action ASAP.
Phishing emails tend to use the word “urgent” a lot and will tell a story to dupe you into opening an attachment or clicking on a link. Criminals also love to use trusted companies, banks, social networking sites, and credit card companies for this ruse. These emails look like the real thing if you don’t scrutinize it, complete with logos and other content.
3. Use of the word “Dear” or “Friend” and not your real name.
Services that you have an account with try to personalize their emails as much as possible. Sites like Netflix will use your first name, while your bank may use your first or last name (with a title) when addressing you.
4. The email contains typos, misspellings, and improper use of grammar.
Checking for misspellings and typos are the easiest way to spot a phishing email. Some scammers are not from English speaking countries, and suffer if they have to make content from scratch. Large organizations have editors or proofreaders that make sure every email they send is error-free.
5. The email originates from a weird URL, and the hyperlinked URL is different.
Phishing emails use URLs that resemble the actual one, but with a few changes. For instance, only government agencies can use a .gov address. If scammers want to impersonate a government agency, they can only use common ones like .com and add the word “gov” somewhere in the URL.
Hover your mouse over the address in the “from” field to verify if the web domain lines up with the supposed sender. You can also hover over any hyperlinks in the email (don’t click) and check the pop-up that displays the actual URL.
Protecting yourself from phishing emails
There are several ways to protect yourself from phishing attempts:
-
Secure your computer and devices by installing the latest software updates or patches.
-
Use a firewall, antivirus, and VPN on applicable devices.
-
Keep your data backed up in the cloud or on a hard drive not connected to the network.
-
Do an reverse email lookup if you suspect the sender is trying to scam you.
· Use multifactor authentication on all your accounts to make it harder for scammers even if they get your username and password. Authentication could be an app, a text message sent to your phone, or your fingerprint.
· If you’re a victim of identity theft, go to IdentityTheft.gov.
· Report/forward phishing emails to spam@uce.gov, ftc.gov/complaint, and reportphishing@apwg.org.
· Forward text messages to SPAM (7726).
Remember, phishing attempts may contain:
· An offer for free stuff or a free coupon.
· An email with a fake invoice and a link where you can make payment.
· A message about being eligible for a government refund if you register.
· A notice of multiple log-in attempts or suspicious activity in your account.
· Claims that your account is on hold because of a problem with your payment details.
· A message is saying you must confirm personal information.
Scammers launch phishing attacks by the thousands, like casting a wide net while fishing. They often end up successful, giving them funding for their next hit. According to the FBI, victims lost $30 million to phishing scams in 2017 alone. Don’t play into their hands and protect yourself now by following the tips outlined above.
Emily Andrews (pictured) is the marketing communications specialist at RecordsFinder, an online public records search company.