One would think that, with growing awareness of cyberattacks, phishing schemes and online scams, people would guard their private information more carefully. But phishing works by exploiting the victim's weaknesses, not their lack of intelligence. These scams are not always easy to spot, and recent data suggests that the amount of money lost to phishing over the past two years (since the pandemic hit) has increased significantly.
This is because every new way of securing sensitive information has been matched by a new, “creative” way of stealing it. Phishing remains one of the most reliable ways to do so because of the scam's personal, baiting nature.
So what exactly is phishing?
Phishing is a cybercrime in which scammers, posing as legitimate organizations, lure you into handing over sensitive information such as login details, credit and debit card numbers, PINs and passwords.
And if you think you are too well informed on the subject to fall for the trap, think again. Phishers capitalize on their victims' fear, blind spots, pain points and pet peeves to get what they want, so even the best of us can be manipulated with the right technique.
But, as the saying usually attributed to Abraham Lincoln goes, “You can fool some of the people all of the time, and all of the people some of the time, but you cannot fool all of the people all of the time.” You can make yourself knowledgeable enough about the subject to avoid most of these scams.
Email Phishing & How to Protect Yourself from it:
Email phishing is a growing concern globally. Since working from home became the norm, roughly 3 in 10 workers worldwide have clicked a phishing link in the past year. So how do you avoid being part of that 30%?
Analyze the body of the email. These are the red flags to look for:
- Recipient name:
Scammers usually bulk-send phishing emails from basic mailing tools, so the message is rarely addressed to you by name; it typically opens with “Dear Customer”, “Respected Customer” or something similar. The scammer claims to know about a problem with your account or card, yet somehow does not know the account holder's name. Odd, right? Take it as the first warning sign. Bear in mind that targeted (spear-phishing) messages can be personalized, so a correct name is not proof that a message is genuine.
- Suspicious Activity:
Phishers pretend to be legitimate representatives of trusted organizations, warn you of “suspicious activity” on your account and tell you the steps you must take to protect yourself. They might say “you've attempted to log in too many times” (even when you have not tried to log in at all), or “a transaction has been carried out from your account that we think wasn't from you”. They then ask you to follow a link and reset your password, or to send them your current password so they can keep it “on record” or “add better security” to your account.
Whatever activity they claim has happened on your account, verify it yourself. Open the institution's website or app by typing the address or using a saved bookmark, never through the email's link, and check whether you can still log in, whether you are really locked out, and whether the transaction actually took place.
Legitimate representatives never ask for your PIN, key or password for any purpose whatsoever; it is for your use only. Verifying the activity gives you peace of mind and something concrete to report to the real institution if someone is trying to break in.
- Grammatical Errors:
This usually goes unnoticed because most of us scan emails quickly, and since the first paragraph typically announces a “grave problem”, we are in an even greater hurry to read the email and take action.
Spelling mistakes, missing commas and run-on sentences are the obvious signs of a scam. Others are subtler: the scammer may capitalize a certain word again and again throughout the email to emphasize it. Ask yourself whether the legitimate organization would actually write that way; capitalizing “Transactions”, “Password” or “Online Banking” mid-sentence is informal and not how established organizations write. Flawless grammar proves nothing on its own, though: well-resourced phishing campaigns are often polished, so treat language only as one signal among several.
- Domain name:
While the signs above could be genuine human errors (typos in an email sent in a hurry, or an automated message that does not address anyone by first or last name), the sender's domain is the most telling sign of a scam. Look at the actual address, not just the display name: a mail client may show only “PayPal Customer Service” while the address behind it belongs to someone else entirely.
Phishing emails often come from free webmail addresses (@gmail.com, @yahoo.com, @hotmail.com and so on), whereas a legitimate company sends from its own domain. PayPal, for example, would never email you from paypalcustomerservice@gmail.com, but from an address at its own domain such as customerservice@paypal.com.
Another warning sign: the domain name may be misspelled. Changing one or two characters in the company's name, or swapping the ending of the domain, is easy to miss at a glance. An email from customerservice@payapal.co.uk, for example, looks almost right; you will hardly notice the difference.
If you are still unsure about the legitimacy of the email, compare the sender's address with previous emails you have received from the company before doing anything the message asks. Keep in mind that a From address can also be forged outright (mail providers use SPF, DKIM and DMARC to catch this), so a matching domain supports, but does not by itself prove, that a message is genuine.
- Shady Attachments or Links:
A phishing email's main purpose is to redirect you to an unsafe web page or to deliver malware to your device that steals information. Attachments may be “invoices” for something you never purchased or “reports” you never asked for. An attachment might also carry a very vague name, tempting you to open it to see what it contains. Beware!
Links are usually embedded in buttons or link text, so you cannot see the real URL right away. On a desktop, hover the cursor over the button or link without clicking; most mail clients then show the destination URL in a status bar or tooltip. On a mobile device, press and hold the link to reveal where it leads.
If the destination looks suspicious, reach out to the company through a channel you already trust (the number on your card, or the address typed into your browser yourself) for confirmation before you open it.
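The sender-domain and link checks above can be turned into a mechanical first pass. The script below is an added example, not code from this article: it parses one raw email, then flags a sender on free webmail, a display name that borrows a brand the address does not belong to, a domain label within one or two characters of a known brand name (payapal vs paypal), a generic greeting, and any link whose visible text names a different host than its real href. The brand list, thresholds, the regex-based anchor extraction and the sample message are assumptions constructed for the example.

```python
"""Red-flag scanner for a raw email message (added example, not the article's code).
Brand list, thresholds and the sample message below are constructed for illustration;
anchor extraction uses a toy regex rather than a real HTML parser."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

KNOWN_BRAND_DOMAINS = ("paypal.com", "microsoft.com", "amazon.com")  # assumed brands
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
GENERIC_GREETING = re.compile(r"\b(dear|respected)\s+(customer|user|member|client)\b", re.I)
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance; 1 or 2 between domain labels is the look-alike range."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def under_brand(host):
    return any(host == b or host.endswith("." + b) for b in KNOWN_BRAND_DOMAINS)

def domain_flags(host, what):
    """Flag a host that reuses, or nearly reuses, a brand's name outside that brand's domain."""
    host = host.lower()
    if under_brand(host):
        return []
    flags = []
    for brand in KNOWN_BRAND_DOMAINS:
        name = brand.split(".")[0]
        for label in host.split("."):
            if len(label) < 4:  # skip TLD-sized labels such as "co" or "com"
                continue
            d = edit_distance(label, name)
            if d == 0:
                flags.append(f"{what} host {host} uses the name {name} outside {brand}")
            elif d <= 2:
                flags.append(f"{what} host {host} looks like {brand}")
    return flags

def same_site(a, b):
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def link_flags(html):
    """Compare each link's visible text with the host its href really points to."""
    flags = []
    for href, text in ANCHOR.findall(html):
        target = (urlparse(href).hostname or "").lower()
        text = re.sub(r"<[^>]+>", "", text).strip()
        if re.fullmatch(r"\S+\.\S+", text):  # the visible text itself looks like a URL
            shown = (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()
            if not same_site(shown, target):
                flags.append(f"link text shows {shown} but points to {target}")
        flags += domain_flags(target, "link")
    return flags

def scan(raw_bytes):
    """Return human-readable red flags for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    host = addr.rpartition("@")[2].lower()
    flags = []
    if host in FREE_WEBMAIL:
        flags.append(f"sender uses free webmail domain {host}")
    for brand in KNOWN_BRAND_DOMAINS:  # display name says PayPal, address says otherwise
        if brand.split(".")[0] in name.lower() and not under_brand(host):
            flags.append(f"display name {name!r} borrows {brand} but address is @{host}")
    flags += domain_flags(host, "sender")
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    if GENERIC_GREETING.search(re.sub(r"<[^>]+>", " ", content)):
        flags.append("generic greeting instead of the customer's name")
    if body is not None and body.get_content_type() == "text/html":
        flags += link_flags(content)
    return flags

# Constructed sample showing several of the article's warning signs at once.
SAMPLE_EMAIL = b"""From: PayPal Service <paypalcustomerservice@gmail.com>
To: victim@example.com
Subject: Suspicious activity on your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer,</p>
<p>A transaction was made from your account that we think was not you. Please visit
<a href="http://secure.payapal.co.uk/login">www.paypal.com/login</a> to confirm.</p>
</body></html>
"""

if __name__ == "__main__":
    print("\n".join("- " + flag for flag in scan(SAMPLE_EMAIL)))
```

Run against the constructed sample, `scan` reports the free-webmail sender, the borrowed display name, the generic greeting, the text/href mismatch and the payapal look-alike. Absence of flags is not a clean bill of health: a forged From header at a real brand domain, or a personalized spear-phishing message, passes every check here, which is why the article's advice to verify through a channel you already trust still applies.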
Parting Words:
Hopefully this article will encourage you to look out for phishing emails even when they show only some of the warning signs mentioned above. And the next time someone asks you what a phishing email is and how to avoid the scam, you will know what to tell them.