10 top tips to steer you clear of phishing email scammers: Internet Scambusters #1,069
Phishing emails, designed to steal your confidential information or upload malware onto your PC, are among the biggest sources of scams right now. And they cost Americans millions of dollars every week.
In this week's issue, we'll explain the tricks the crooks most commonly use and give you 10 ways to safeguard yourself.
We also have two important news alerts about a brand new gift card scam and the activities of bogus fire inspectors.
Let's get started…
Could You Spot A Phishing Email? Here's How
Phishing is a numbers game. Just like real fishing.
Scammers send out billions of random messages every day designed to steal information from you, just like an angler casts a net or line far and wide. They know that, statistically, sooner or later they'll get a "bite" and land their catch.
Emails are still the most popular way for crooks to try to trick you into revealing confidential information, like sign-on details and account numbers, and sometimes to get access to your computer to upload malware.
Almost half of all emails sent in the US are either phishing messages or spam. In the first three months of this year, according to security firm Vade, the number of phishing emails, at over 500 million, was double that of the previous quarter.
How Scammers Fool You
Most commonly, phishing emails use links or attachments that are designed to either take you to a bogus sign-on page or to install malware onto your PC.
You might think you're smart enough to spot their tricks but sometimes even security experts get hoodwinked into thinking a message is genuine. Here are some of the tactics the scammers use.
- They make addresses seem legitimate by disguising them. They may use a long string of letters that includes the name of the legitimate company. They may use address shorteners, which hide the real address. They may substitute a letter with a similar character or add a letter or hyphen that you won't spot at first glance.
- They use the same design, colors, and logos as the companies they're impersonating.
- They try to rush you into clicking links or making a phone call by striking a note of urgency, such as a looming deadline, product shortages, or use of dramatic words like "WARNING."
- They take advantage of current news stories, especially about disasters, to pretend they're trying to help those affected.
- They harvest information about you from social media sites, so they make it seem like they know you, to lower your suspicions.
10 Ways To Protect Yourself
Common sense is your best ally to beat phishing email scammers, but here are 10 other things you can do to stay safe.
- Check the accuracy of the email address, looking for some of the red flags listed above. Hovering your mouse over the sender's address, without clicking, should reveal it in full. Also, consider using a free address checker such as Email Checker.
- Consider previewing the page the email links to. If you want to see what a page looks like before visiting it, several browser extensions and other tools can do this. See, for example, 8 Quick Sites That Let You Check If a Link Is Safe.
- Be wary about opening any email from an unknown sender. Certainly, don't click on links from unknown senders.
- Don't be fooled by a personal text that mentions something about you or seems to come from someone you know. Scammers are now using artificial intelligence to build this personalized wording into mass email attacks.
- Check for spelling and grammar mistakes. Although rarer than it used to be, poorly worded text on a page is still a potential scam warning sign. A quick and easy way to do this is to paste the text into a checker like Language Tool.
- If an official-looking email ends with a common domain name address like "gmail.com" or "outlook.com," it's probably fake. Reputable organizations have their own domain names like "amazon.com."
- Don't panic if the tone of the message urges you to act quickly. Stay calm and check things out using the tips in this issue.
- Don't respond if an email openly asks you for confidential information, often by saying they need to confirm your details.
- Be especially alert for emails that seem to come from the most commonly impersonated companies like courier firms, social media sites, and tech companies.
- If the message requests money or other types of donations for a charitable cause, don't give until you've checked them out. For guidance on this, see our earlier issue, Charity Scams.
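The address red flags described under "How Scammers Fool You" and in the first and sixth tips above can also be checked automatically. The Python sketch below is an added example, not part of the original issue; its trusted-company list, shortener sample, and simple "last two labels" domain rule are assumptions made for illustration.

```python
import unicodedata

# Constructed for this sketch: the trusted list, the shortener sample and the
# "last two labels" registered-domain rule (no public-suffix list) are assumptions.
TRUSTED = {"amazon.com", "paypal.com"}
FREEMAIL = {"gmail.com", "outlook.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(value, claims_company=False):
    """Return the red flags that apply to a sender address or link host name."""
    host = value.rsplit("@", 1)[-1].lower().rstrip(".")
    reg = ".".join(host.split(".")[-2:])
    if reg in TRUSTED:
        return []
    flags = []
    if reg in FREEMAIL and claims_company:
        flags.append("free-mail domain on an official-looking message")
    if reg in SHORTENERS:
        flags.append("link shortener hides the real address")
    if not host.isascii() or "xn--" in host:
        flags.append("non-ASCII look-alike characters")
    # Fold accents and common digit swaps, drop hyphens, then compare to brands.
    folded = unicodedata.normalize("NFKD", reg.split(".")[0])
    folded = folded.encode("ascii", "ignore").decode().translate(LOOKALIKES)
    for brand in sorted(d.split(".")[0] for d in TRUSTED):
        if folded == brand or edit_distance(folded, brand) == 1:
            flags.append(f"look-alike of {brand}")
        elif brand in host:
            flags.append(f"{brand} buried in a longer address")
    return flags

if __name__ == "__main__":
    # Constructed sample addresses, not taken from real messages.
    for sample in ("orders@amazon.com", "support@amaz0n.com", "help@pay-pal.com"):
        print(sample, red_flags(sample, claims_company=True))
```

An empty result only means none of these particular patterns matched; it does not prove the sender is genuine.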
Don't forget that using and keeping updated Internet security software is one of the best ways of filtering out spam and scam emails.
Remember too that although email is the most common vehicle for phishing, scammers also use both SMS text messages and automated phone calls.
This Week's Alerts
Nasty gift: Gift cards have been used in scams for years, but one recently reported in California is a newcomer: Crooks steal multiple cards from stores, scratch off the security strip, and record the number. Then they stick a new seal over the number and put the card back in the store. When a card is purchased and activated, they use it before the buyer finds out. If you're buying a gift card, check the security strip carefully or ask for a card that's not on display.
No Inspectors: Small businesses are being warned about bogus fire inspectors who turn up at their premises and recommend replacing fire extinguishers and other safety equipment - which they just happen to have in their truck. Fire inspections are normally done by uniformed members of your local fire department, who more than likely won't try to sell you stuff. But check their ID anyway.
That's all for today - we'll see you next week.