Phishing Tales: When in Doubt, Throw it Out

By Brendon Clark

More and more e-mail users are becoming victims of phishing attacks. Phishing is the fraudulent practice of sending e-mails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Once these crooks have your information, you not only become a victim, you may also become a weapon in their arsenal: they can now send the same fraudulent e-mails to your friends, family and business associates as if they came from you. Many of these fraudulent e-mails will appear to be from people you know.

Identifying phishing e-mails isn't always easy, since they look legitimate by design, but there are measures you can take to help protect yourself and your on-line reputation. Phishing e-mails are one of the most common online threats, so it is important to know the signature signs of this scam and how to respond when you encounter them. Here are six ways to spot phishing attacks.

  1. An email asks you to enter or confirm personal information
    Often an e-mail will arrive in your inbox that looks very authentic. No legitimate e-mail should EVER ask for personal or security information. If it does, DELETE IT. Any time an e-mail contains a clickable link, there's an easy way to test its legitimacy (though it is not always 100% accurate): hover over the link and study the details of the hyperlink. Does the link go to the domain you were expecting? Pay attention only to the domain name, not to what might be written before or after the domain. Again, if you're unsure, delete it.
  2. An e-mail asks you to perform an unusual task
    This typically involves the purchase of pre-paid cards, debit cards, money orders, etc. Be suspicious ANY time an e-mail involves financial transactions! Regardless of who you think it is from, be vigilant! When in doubt, pick up the phone and call the sender.
  3. Double check the sender’s e-mail address
    A phishing e-mail will often come from an address that appears to be genuine. Criminals aim to trick recipients by including the name of a legitimate company within the structure of e-mail and web addresses. If you only glance at these details they can look very real, but if you take a moment to actually examine the e-mail address you may find that it's a bogus variation intended to appear authentic, for example: @mail.airbnb.work as opposed to @Airbnb.com. Malicious links can also be concealed within the body of the e-mail text, often alongside genuine ones. Before clicking on links, hover over and inspect each one first.
  4. It’s poorly written
    It is amazing how often you can spot a phishing e-mail simply by the poor language used in the body of the message. Read the e-mail and check for spelling and grammatical mistakes, as well as strange usage. If you know the person or company "sending" you the message, ask yourself whether this e-mail conforms to the sender's usual style or wording. Also, if you weren't expecting the e-mail, or it just seems strange or different, delete it and then contact the sender via a separate, new e-mail to verify that they sent it. Don't forward the suspicious e-mail to anyone.
  5. There’s a suspicious attachment
    Alarm bells should be ringing if you receive an email from a company out of the blue that contains an attachment, especially if it relates to something unexpected. The attachment could contain a malicious URL or trojan, leading to the installation of a virus or malware on your PC or network. Even if you think an attachment is genuine, it’s good practice to always scan it first using antivirus software.
  6. The message is designed to make you panic
    It is common for phishing emails to instill panic in the recipient. The email may claim that your account may have been compromised and the only way to verify it is to enter your login details. Alternatively, the email might state that your account will be closed if you do not act immediately. Ensure that you take the time to really think about whether an email is asking something reasonable of you. If you’re unsure, contact the company through other methods.
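
The domain checks described in items 1 and 3 can be automated. The following is an added example, not part of the original article: it reduces the sender address and each link's real target to its base domain and flags hosts that merely contain a trusted brand name. The `TRUSTED` set, the last-two-labels rule and the sample message are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains this recipient really deals with.
TRUSTED = {"airbnb.com"}

def base_domain(host):
    # Simplification: last two labels; real tools use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host):
    """trusted: base domain matches; lookalike: a trusted brand name
    appears somewhere in the host but the base domain differs."""
    host = host.lower()
    if base_domain(host) in TRUSTED:
        return "trusted"
    if any(t.split(".")[0] in host for t in TRUSTED):
        return "lookalike"
    return "unknown"

class LinkCollector(HTMLParser):
    # Collects the real href targets, i.e. what hovering would reveal.
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def review(from_header, html_body):
    sender_host = parseaddr(from_header)[1].rpartition("@")[2]
    findings = [("sender", sender_host, classify(sender_host))]
    collector = LinkCollector()
    collector.feed(html_body)
    for href in collector.links:
        host = urlsplit(href).hostname or ""
        findings.append(("link", host, classify(host)))
    return findings

# Constructed sample message (not a real e-mail).
SAMPLE_FROM = "Airbnb Support <support@mail.airbnb.work>"
SAMPLE_BODY = (
    '<p>Confirm your details <a href="https://www.airbnb.com/help">here</a> or '
    '<a href="http://airbnb.com.account-verify.example/login">airbnb.com</a></p>')
if __name__ == "__main__":
    for kind, host, verdict in review(SAMPLE_FROM, SAMPLE_BODY):
        print(f"{kind:6} {host:40} {verdict}")
```

The second link shows why the visible link text cannot be trusted: it reads "airbnb.com", but its base domain is `account-verify.example`.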

When in doubt, DELETE IT!!!