What Is Phishing?

Are you sure it was your bank that just emailed you? Can you feel confident that you’re clicking on a safe link? Or are you about to become the latest victim of a phishing scam?

Phishing is a creative attack that's been fooling people for years. A successful phishing attack can put your data and your money in the hands of criminals, and leave your devices riddled with malware and viruses.

Here’s everything you need to know about how to spot phishing scams and how to protect yourself against them.

What is phishing?

You can probably guess where the name comes from. The word “phishing” is a reference to the way in which the scam is carried out: baiting, luring, and reeling in a victim. The criminal is holding the rod, and yes, you’ve guessed it - you're the fish.

There are several different kinds of phishing techniques. The most common methods involve email, although in more elaborate phishing attacks, that is just the start.

For phishing emails, disguise is essential. The criminal will pose as a trusted contact, a friend, or a legitimate company. They'll dress their message up accordingly, with an eye-catching subject line and all the trappings of a genuine email.

Types of phishing

Here are three of the most common types of phishing:

  • Direct extortion
  • Dangerous links
  • Fake websites

Direct extortion

Perhaps the most famous iteration of this method is the so-called “Nigerian Prince” scam. It relies on the criminal starting a conversation with the victim and eventually convincing them to transfer money. This often involves the attacker, in the guise of a wealthy man overseas, promising a massive payoff in return for a “small” investment of funds.

In recent years, some criminals have started targeting people through dating apps. After gaining trust and convincing the victim of their genuine interest, phishers can create a false scenario in which they urgently need money.

Admittedly, awareness of these scams has increased in recent years, so fewer people are falling victim.

Fake websites

In some phishing scams, that initial email is just the starting point for a more elaborate crime.

The set-up is the same as the dangerous link email, but in this case, the link will take potential victims to a webpage specifically designed by the criminal. This page will use the same theme and disguise as the email. If someone is pretending to be your bank, asking you to reset your login details, the page will mimic the colors and layout of that bank.

Then, if you end up inputting the requested data - passwords or card credentials - the information will be unencrypted and visible to the criminal.

Catching a phisher

There are some typical red flags to look out for in most phishing emails.

The first thing to notice is whether the email uses your real name or not. If it addresses you as “dear customer” or “to whom it may concern,” you should be on the alert.

Phishing scammers will often send out huge batches of identical emails without targeting specific individuals. If a legitimate company reaches out to you, they'll almost always know your name.

The language used in phishing emails can also be a giveaway. Keep an eye out for odd turns of phrase, poor grammar, or obvious misspellings. A genuine email from your bank will not contain these kinds of errors.

Of course, the email sender’s address is also important. Check to make sure it looks legitimate. If there’s any doubt, check it against other emails you've received from the organization.

Lastly, be wary of any kind of urgency in the email. If someone demands money or presses you to click a link “before it’s too late,” that’s not a good sign. Criminals will often attempt to make the victim panic or rush to action without stopping to look closer at the email itself.
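
Three of the red flags above (a generic greeting, a sender address that does not match the organization's earlier emails, and urgency) can be checked mechanically. The following Python is an added example, not part of the original article; the sample message, the names and domains in it, the phrase lists, and the `known_domains` parameter (domains taken from genuine emails you already received) are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@examplebank.com.account-verify.test>
To: jane.doe@mail.test
Subject: Urgent: verify your account

Dear customer,

Your account will be suspended. Act now and confirm your login details
before it's too late.
"""

GENERIC_GREETINGS = ("dear customer", "to whom it may concern")
URGENCY_PHRASES = ("before it's too late", "act now", "immediately", "as soon as possible")


def sender_domain(msg):
    """Return the lower-cased domain of the From address ('' if missing)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def domain_matches(domain, known):
    """True only for a known domain or a real subdomain of it (suffix match on a dot)."""
    return any(domain == k or domain.endswith("." + k) for k in known)


def red_flags(raw, recipient_name, known_domains):
    """Return the red flags found in a raw message, in the order the article lists them."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part text/plain message
    text = (msg.get("Subject", "") + "\n" + body).lower().replace("’", "'")
    flags = []
    first_line = body.strip().splitlines()[0].lower() if body.strip() else ""
    if any(g in first_line for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    elif recipient_name.lower() not in first_line:
        flags.append("greeting does not use recipient name")
    if not domain_matches(sender_domain(msg), known_domains):
        flags.append("sender domain not seen before")
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        flags.append("urgency: " + ", ".join(hits))
    return flags
```

The sender check compares the domain from the right, so an address whose domain merely starts with the bank's name, as in the sample, does not pass as the bank.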

How to prevent phishing

  • Slow down and think

    This is essential. Never hurry through an email and follow its instructions. Is someone urging you to immediately follow a link to collect prize money? Are you being told to go to their website to change your passwords as soon as possible? Slow down and make sure that the email is genuine first.

  • Don’t follow links directly

    Most phishing emails will ask you to click on a link. That could open the door to malware, viruses, and ransomware. Avoid this problem altogether by never following email links, unless they’re from a trusted, verified sender.

    If you’re in doubt, open a new tab and navigate to the real company’s page. To be certain, you can even email or call the organization directly and ask if they contacted you recently.

  • Don’t trust your spam filters for everything

    Your email will filter spam and junk mail into a separate box to be deleted later, but it doesn’t always catch everything. Don’t assume that something is automatically safe just because it hasn’t been caught by the filters. Errors like this happen all the time, so be careful.

  • Ask yourself whether you’ve had a previous connection with the sender

    If a bank you’re not with emails you, asking you to log into your account via their email, that’s a sure sign you’re being targeted. Most phishing emails are sent in the hopes that you’ll click on the link without thinking. Ask yourself if you actually have any account or relationship with the company the sender claims to represent. If the answer's no, ignore or delete the message.

Phishing emails can be highly effective, and they’re one of the oldest internet scams in the book. The best defense against them is vigilance and some common sense.

Chad Hammond
Verified author
Chad loves traveling and technology. His global view and open-mindedness add interesting angles to various security topics. He has already traveled to over 80 countries and is not planning to stop any time soon.