If you use email, you might have received messages from your "bank" or an online retailer asking for further action on your part. Often, these emails contain a link to a phishing website where you are asked to fill out your information.
In most instances, this is called phishing, because criminals are fishing for your information. Below is a closer review of what phishing is, the different ways criminals employ it, and how to avoid becoming a victim of a phishing scam.
How Phishing Works
Criminals try to find creative ways to lure you in. One of the most effective is the email scam mentioned previously in this guide. They craft an email that might appear similar to what your bank would send. The most detailed criminals will even include the bank's logo and coloring in the message to make it appear more authentic.
The phishing message usually contains a call to action. If you are not careful, your impulse prompts you to click on the link. The pop-up window takes you to a fake website that might appear similar to your bank's site. The only problem is that any login credentials you submit on the website go to the criminals, who can gather your personal data such as your Social Security number, bank account login information, credit card numbers and more. This is one of the more common ways identity theft occurs.
Criminals bank on elaborate phishing scams to work based on two factors: impulse and fear. After all, if you receive an urgent message from your financial institution, your first thought is to find out what they want immediately. If you don't pay close attention to the message, you might miss clues that could indicate it's a phishing email.
How to Identify Phishing Scams
Since phishing scams prey on immediate emotions, it's important to take a step back when reading a suspicious email and study the design and content of the message. When doing so, you might find some of these common mistakes:
- First, go to the recipient part of the message. Does the email address you? Often, phishing scams don't include the recipient's first and last name. Instead, the greeting will read along the lines of 'dear customer.' If you receive an email from your bank with 'dear customer,' it's a scam. After all, if the bank is notifying you of an issue, why wouldn't they address the email to you?
- Next, study the contents of the message, specifically its call to action. A common one is a message from a popular retailer stating there are delivery notifications for your package. Are you waiting for an order? The goal here is to find out how relevant the message is to you. Oftentimes, when you probe the call to action, you'll see it's a general situation that could apply to anyone.
- If the email is on company letterhead, visit the company website to see if the logos align.
- Did they spell the business's name correctly?
- Speaking of grammar, read the e-mail message thoroughly. If you notice frequent misspellings and other grammar errors then it's likely it's an email with a link to a phishing site.
- Inspect the web address of the link. Often, links in phishing emails contain duplicate information, such as .com appearing twice, or do not have 'https' preceding the web address.
- The last step is to scroll up to the email addresses. Are you the only recipient of the email? On occasion, phishing emails will go to multiple recipients at the same time, a dead giveaway it's a scam. You can also verify the sender's email by conducting a Google search. If it doesn't take you to the person in the company directory, or the company's customer service email, then you know it isn't legit. However, even if it matches up, it could be spear phishing.
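Several of the checks in the list above can be automated. The following Python script is an added example, not part of the original guide: it flags a generic greeting, multiple recipients, and links that lack 'https' or repeat the domain ending. The sample message, function names and greeting word list are constructed for illustration, and the script assumes a plain-text, unencoded email.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

# Constructed sample message (illustration only, not a real email).
SAMPLE_EMAIL = """\
From: Your Bank <alerts@bank.example>
To: alice@mail.example, bob@mail.example
Subject: Urgent: verify your account

Dear Customer,

Verify your account now: http://bank.example.com.com/login
"""

GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|member|client)\b", re.I | re.M)
URL_PATTERN = re.compile(r"https?://[^\s<>\"']+", re.I)


def check_link(url):
    """Warning signs from the checklist that apply to a single link."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        findings.append("link does not use https")
    labels = (parts.hostname or "").lower().split(".")
    # The ending (.com, .net, ...) showing up twice, e.g. "bank.example.com.com".
    if labels.count(labels[-1]) > 1:
        findings.append("domain ending appears twice in link")
    return findings


def check_email(raw):
    """Return the checklist warning signs found in a raw plain-text email."""
    msg = message_from_string(raw)
    body = "\n".join(p.get_payload() for p in msg.walk() if p.get_content_maintype() == "text")
    findings = []
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting instead of your name")
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(recipients) > 1:
        findings.append("sent to multiple recipients")
    for url in URL_PATTERN.findall(body):
        findings.extend(f"{sign}: {url}" for sign in check_link(url))
    return findings


print("\n".join(check_email(SAMPLE_EMAIL)))
```

These are rough heuristics: a message that passes every check can still be a phishing email, and a legitimate message can trip one of them.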
What is Spear Phishing?
Spear phishing is a big problem because it originates through a known sender. It could be a friend, loved one or colleague who has had their device compromised, or it could be someone who has gone through your personal information online via social media platforms and disguised a message to look like it comes from one of your friends.
The hacker then attempts to steal others' information by sending you a fraudulent email with a link. The request could be for you to watch this crazy video or something as random as asking you to update your password with a social media platform.
Since these are harder to differentiate than regular email phishing, they represent a greater risk. To help safeguard you against having your information compromised, here are a few things you can do:
- One, you shouldn't click on links provided in emails. Even if they are from a trusted friend or relative, there are many other ways to share videos, news stories, and pictures. Always verify the links first.
- Visit the source of the link provided. Say your friend wants you to read the latest baseball gossip on ESPN. Instead of clicking on the link he or she provided, go to ESPN directly.
- Use security tools to help you make wise decisions. Web browsers and email providers have tools that notify you of malicious content. Using these tools can help you stay safe when online.
- Use two-factor authentication to access your bank website. With two-step verification, the bank will confirm your identity by sending a code to your cell phone or email. This process adds another layer of security which can protect your information from criminals.
- Buy anti-virus software. You can find the best providers using our helpful guide. Make sure it has anti-phishing software included. This can alert you to emails or websites that might contain malicious code.
What Are Other Phishing Scams?
While email is the most common, criminals try other means of contact. A popular one is a call from someone stating they are from the IRS or tech support and that they need to solve an issue with you. Often, they will sound forceful to make your situation sound dire in hopes you'll provide your personal data as a way to rectify the issue.
When presented with this situation, it's important to pause and examine the call content. For starters, tech support will contact you only if you seek them out. Two, the IRS doesn't call people. They send letters, so it's important to poke logic holes when receiving these calls.
Phishing attacks are commonplace to the point you'll eventually come across one. The important thing is to trust your gut and if something doesn't look or sound right, then don't provide information. Instead, you can call the source to verify if they are attempting to contact you.
Do you feel that you (or someone you know) are the victim of a phishing scam? You should use an identity theft protection service to restore your information and keep your identity safe. Also, check out our buyer's guide to cell phone security apps for protection on-the-go.