Thursday, October 11, 2018

HOW TO SPOT AND AVOID PHISHING EMAILS








While we may envision hackers sitting in dark rooms hovering over computers with lines of code scrolling down their screens, the portrait of modern hackers is much more sinister. In fact, today’s hackers and cyber attackers are much more akin to the con artist or snake oil salesman of old.
Instead of using technical skill to infiltrate complex computer networks, most attackers use good old-fashioned deception and trickery to acquire information and money from their unsuspecting victims.
Yet despite more awareness about phishing than ever before, phishing attacks have increased exponentially in recent years, with 92,000 phishing attempts every month, a reported 5,753% increase since 2004.
The truth is, cybercriminals are getting better at their craft. While it was once a fairly simple matter to identify phishing emails designed to part you from your money or personal information, it’s more difficult than ever to separate legitimate emails from fraudulent ones.
But there are ways to protect yourself and your business from being victimized. The key is education. Knowing what to look for makes it easier to unmask the marauders before you become their next victim. Here are some tips to help you identify phishing attacks and keep your money and your personal information out of the hands of cybercriminals.

EMAILS CONTAINING THREATS OR TIME-SENSITIVE REQUESTS

Phishing emails often have an urgent or threatening tone to them, requiring you to click a link or open an attachment to avert a problem or avoid an account shutdown. Cybercriminals use threats or a sense of urgency to scare you into acting quickly, without thinking.
These emails may ask you to verify your account information, log in to your account, or fill out a form to correct an urgent problem.
Many of these emails look totally legitimate, complete with the brand logos and links to legitimate companies. And thanks to the growing sophistication of hackers and the availability of data on the internet, many of these emails may also contain personal information, such as your name, email address, or even your password.
Any email that you receive that requires immediate action should send up a red flag. Don’t simply react. Take time to step back and evaluate the situation first.

BAD GRAMMAR OR SPELLING MISTAKES

While any email can contain a spelling error or two, most legitimate emails don’t contain gross writing errors.
Phishing emails are often sent from other countries, where English is not the primary language, so if you see ‘bad English’ it’s usually a good sign that an email is spam, if not an outright phishing attack.
Here’s a great example of a phishing email that is difficult to read due to its poor grammar:
[Image: WarningPenTeleD]
Note that hackers do seem to be grasping the English language more effectively these days. You may have to read more carefully to uncover missing words, awkward language, or other common mistakes.

GENERIC GREETINGS

Phishing emails may contain a generic greeting like Dear PayPal Customer or Dear Account Holder instead of your name.
While this is often the case, we still urge you to be suspicious, even if your name is in an email. Cybercriminals often find your name or other personal details on social media websites.

SUSPICIOUS HEADER INFORMATION

The header of every email you receive contains these fields:
  • From:
  • To:
  • Subject:
Phishing emails often contain suspicious or obviously incorrect information in the From: header like this:
Keep in mind that some perpetrators also purchase domain names that look like the real ones. For example, they might register out1ook.com, which looks a lot like outlook.com. Be sure to look at the email address carefully to notice any discrepancies.

FAKE OR SUSPICIOUS LINKS

Never click ANY links in an email you suspect could be fraudulent. While a link may look legitimate, there is often a suspicious link hiding underneath the link text. To see where the link will take you, simply hover over the link with your mouse (being careful not to actually click on it).
You can see the hover technique demonstrated in the example below:
Further inspection of this email also revealed suspicious links in the boilerplate text toward the bottom of the email that, at first glance, appear legitimate.
In fact, the text looks almost identical to the text at the bottom of legitimate emails from Chase, as seen in the screenshot below.
Notice there are only slight differences between the fake email above and the text in the legitimate email below. Can you spot the differences?
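The two manual checks described above (reading the From: domain character by character, and hovering to compare link text with the real destination) can also be scripted. The following Python sketch is an added example, not part of the original article; the TRUSTED list, the constructed sample message, the account-verify.example host, and the two-label domain simplification are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

TRUSTED = {"outlook.com", "chase.com"}  # assumption: domains you really deal with
SWAPS = str.maketrans("105", "los")     # digits often used to imitate letters
# Constructed sample message (not a real email)
SAMPLE = ('From: "Outlook Team" <security@out1ook.com>\nSubject: Urgent: verify now\n'
          'Content-Type: text/html\n\n<p>Dear Account Holder,</p>\n'
          '<a href="http://chase.com.account-verify.example/login">https://www.chase.com/verify</a>\n'
          '<a href="https://www.chase.com/help">Help center</a>\n')

def fold(domain):  # undo common character swaps before comparing
    return domain.lower().rstrip(".").translate(SWAPS).replace("rn", "m")
def base_domain(host):  # simplification: last two labels, no Public Suffix List
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])

def lookalike_of(domain):  # trusted domain that `domain` imitates, or None
    if domain in TRUSTED:
        return None
    return next((t for t in TRUSTED if fold(t) == fold(domain)), None)

class LinkExtractor(HTMLParser):  # collects (href, visible text), as hovering reveals
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # reset at the next <a>, so stray text is dropped
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    msg, findings = message_from_string(raw), []
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if lookalike_of(sender):
        findings.append(f"From: domain {sender} imitates {lookalike_of(sender)}")
    parser = LinkExtractor()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target = base_domain(urlparse(href).hostname)
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and base_domain(shown.group(0)) != target:
            findings.append(f"link text shows {shown.group(0)} but opens {target}")
    return findings
```

Calling `check_message(SAMPLE)` returns two findings: the out1ook.com sender and the link whose text names chase.com while the destination is a different domain. The second link, whose text and target agree, is not flagged.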

REFUNDS/REBATES

It’s not uncommon these days to receive an email that announces an unexpected refund from the IRS or an account credit at Amazon.com. These emails appear legitimate because they often contain company or government logos and even valid contact information.
It’s easy to fall prey to these emails because they appear to be a simple correction for an oversight or error.
The real motive behind these emails, though, is to get you to click the link to claim your refund and log in to what appears to be the company’s official website. After you type your login information, the scammer can access your legitimate account or sell that information for profit.
That’s why it’s so important to scrutinize links in any email carefully, even if it appears to come from a legitimate source. If you are ever in doubt, contact the company directly or visit the company website without clicking any of the links in the email.

QUICK TIPS TO AVOID BECOMING A VICTIM

  • Never click a link or open an attachment in an email if you are unsure of its source.
  • Be suspicious of any email you receive that asks you to reveal or verify personal information such as account numbers, passwords, social security numbers, credit card numbers, etc. Reputable companies will not ask for this information via email.
  • If you’re concerned about an email you received, call the company. Don’t use any phone numbers or other information from the email, though. Look up the company’s website or find their phone number on a recent statement or in other legitimate correspondence.
  • Assume any offer that’s too good to be true actually is. Avoid falling victim to emails that promise a big return for very little work.
  • Be especially suspicious of donation requests to charitable organizations after a recent disaster. Many of these are phishing emails designed to take advantage of your compassion to capture your credit card information. If you want to help, seek out legitimate charitable organizations and visit their websites directly.
  • Use anti-virus and anti-spam software and keep your web browser, email program and operating system software up to date by installing recommended updates. If you’re a business owner, make sure your IT company is handling these updates for you on a regular basis.
  • Change your account passwords regularly and log in to your accounts frequently to check for suspicious activity.
It’s clear that staying ahead of the bad guys is getting harder and harder every day. But being vigilant and taking the time to think before we act can help turn the tide in our favor and keep our valuable information and hard-earned money out of the hands of thieves and con artists.

