How to spot email phishing scams

You are sure to have encountered phishing scams galore and had the good sense not to fall for any of them, hopefully. These fraudulent attempts to gain access to your sensitive information are getting ever-more sophisticated. There are several things you should do to avoid becoming a victim of scams and sharing your personal information and/or account details. These details include your email address, which phishing scams can use to steal access that unlocks information. There are some indicative signs of phishing scams that once you have become aware, you can guard against them. Let’s start with how to identify phishing scams.

They are essentially con jobs in that someone has to convince you they are credible and can be trusted. Most of the time this is done by way of fake emails made to look like they are coming from a trusted source and include a link to a legitimate looking website from a service provider you likely use. Once you click on the website and enter your user credentials, it can be used for identity or financial theft or fraud.

Here are several ways to spot phishing scams:

• Urgent requests – phishers like to use a link in emails to hide actual URLs, which takes you to a fake account. A trusted company will provide you with the full URL in the text, not a link. Your best, safest route is to open a new browser and type in the URL vs clicking a link.
  Some Examples
  • Restart Membership
  • You Missed a Delivery
  • Confirm Your Account
  • Your Account Has Been Locked
  • Suspended Account
  • Tax Refund
  • Refund Due to System Error
  • Update Your official Record
• Expiration Date – the email states your account with (company name) is about to expire, and you must sign in as soon as possible to avoid losing all your data. The link in the email takes you to a spoofed login page.
• Bank Notices – you may receive a fake notification posing as your bank stating a certain amount(s) is withdrawn from your account that exceeds the limit. If you have questions about the withdrawal(s), clink on the link that takes you to a website form asking for your bank account number “for verification purposes.” Rather than clicking on the link, CALL YOUR BANK.
• Logos and Email Addresses – logos can be easily copied and fake “From” email addresses can be made to look like they come from trusted sources. Don’t be fooled by email display names either. They can be changed easily to mask the real email address.
• Misspellings and Poor Grammar – these are warning signs. Similarly, the same applies to URLs. Legitimate companies use copywriters to check their emails for such.
  Tip – hover over links to see the actual URL address
• Unknown Attachments – they are a common phishing scheme used to spread viruses and malware, and they can damage your files and/or steal passwords from your computer. Do not open them.
• Impersonal Greetings – most companies will address you by your first and last name or company name, not “Dear user” or “Hello member.”
• “You’ve Been Paid” or “There’s a Billing Problem” seemingly from PayPal – it may state the money is on hold until you complete an action. Before you send money or click on a bogus link, log into your PayPal account and see if the payment is there. Another one is “The Billing Problem” stating your credit card is expired or billing address wasn’t correct. If you click on the provided link, it takes you to a spoofed website and asks for updated payment/shipping information.
• Virus Alert – the email states your computer has been infected and in order to avoid losing your data and infecting your computer, you are instructed to follow the provided link, or download the “anti-virus” attachment.
• Contest Winner – these emails claim you have won something or have an inheritance from an unknown relative. To claim your prize or inheritance, you have to click a link and enter your information.

In conclusion, if you have doubts or suspicions, trust your instincts and do not open the email or attachment(s) nor click on any links.

For more resources on phishing and how to protect yourself, go to phishing.org.