Last updated on December 2nd, 2019 at 04:28 pm
According to Wikipedia, “Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging,”
Here, you are directed to a fake website to enter your important credentials like passwords and login details. All this is done to cause you economic loss and steal your sensitive data. In this quick guide, we have discussed what are phishing emails, what are its signs, and how to prevent it?
What Is a Phishing Scam?
Phishing is one of the most common online scams, in which hackers attempt to extract personal information or unleash malware via fraudulent emails. Typically, emails are created to look like they come from a legitimate company, like a bank. They often include dangerous links or infected attachments.
If you click on a link in one of these phishing emails, you’ll often be prompted to fill out personal info or a network username and password on a website that looks like a company’s website.
These scams are referred to as “phishing” because hackers are “fishing” for your sensitive information or trying to “lure” you into a trap. Phishing scams are known as social engineering cons because they rely on human error to work. For this reason, they’re one of the most popular scams used by hackers.
Since hackers are banking on your likelihood to make a mistake, it’s essential to know how to spot a phishing scam when you see one.
6 Signs of a Phishing Email
How can you tell if an email is fraudulent? There are usually 6 big signs to look out for.
#1 Misspelled Domain Name This one seems fairly obvious but unfortunately, many people fall for it. Most of us often don’t check the domain name of a sender right away, but it can be the biggest tip-off that it’s a phishing scam. Hackers can easily purchase domain names meant to resemble legitimate ones at first glance, so always be wary of this.
You can see the domain name by hovering over the “from” address. If the domain name contains numbers, like @paypal45.com instead of just @paypal.com, that should raise some alarm bells. Sometimes variations are more subtle than that though. You might see a legitimate company’s name misspelt slightly, or written in a way to fool you if you glance over it quickly. Always look at the domain name from a suspicious sender, and search for a company’s correct domain name on Google when in doubt.
#2 Poorly Written If the email contains grammatical errors or unusual phrasing that’s another sign it might be a scam. That’s not to say you should delete every email you receive with a mistake in it – everybody makes typos. However if the mistakes seem more like they were made by a non-native English speaker (many hackers don’t speak English as their first language), or the language is inconsistent with previous emails you’ve received from this sender, be suspicious.
Official email communication from banks or other institutions is typically saved as templates, which are written, edited, and proofread several times before being sent out to clients. A small typo, like a “g” in place of an “f”, isn’t a huge problem since these keys sit right next to each other. A glaring mistake, like a company asking urgently for an update to your “information” rather than “information”, is an error typical of non-native English speakers. Something like this should be a big tip-off.
#3 Calls for Urgent Action Phishing emails try to establish a sense of urgency. They tell you that you must act quickly on something, or something else bad might result. If you receive an email with words like “your account will be closed” out of nowhere, be cautious. Hackers are trying to draw on your initial concern when reading phrases like that to entice you to click on a fraudulent link.
If you get an email with urgent language like this and you’re concerned, always contact your bank or other institution separately and enquire about updating your info. Some hackers go beyond banks or companies, though, claiming to be from government agencies. They threaten legal action if you don’t respond right away. However, government agencies don’t send emails as their initial form of communication in these cases.
#4 Fake Links Phishing scams often involve redirecting users to a dangerous website via a link in an email. They might hide the URL of the website in a button or hyperlinked text. Before clicking on a link in a suspicious or unexpected email, hover your mouse over the link to display the full URL at the bottom of your browser. Here you’ll see the full web address, which you can usually tell is a bogus link.
Another thing to look out for in suspicious URLs is the order of the URL components. DNS naming structure follows a standard: child domain [dot] full domain [dot] com. So something like info.companyname.com would be a legitimate address taking you to that company website’s info page. Hackers will use structures like full domain [dot] malicious link [dot] com. They place the bogus link after the legitimate company name: companyname.boguslink.com. Learn to scrutinize URL links carefully, so you can avoid clicking on malicious links sent to your email.
#5 Asks for Personal Info Always be wary of emails that ask for personal information, even if they appear to be from a trusted sender. Hackers go to great lengths to make emails appear legitimate. If you suspect it’s fake, don’t click any of the links in the email. Instead, go to the organisation’s website and contact them directly, asking if they need to confirm your personal info.
For this very reason, many institutions won’t ask you to confirm sensitive information like bank numbers, NRIC, or login credentials over email. Always give personal info like this through secure means, such as in a password-protected online portal on the company’s website. Some organisations will send you a link via email to log in on to their secure portal. If you don’t trust it, use tip #4 to inspect it for authenticity before clicking. You should be able to access their secure login area directly from their website as well.
#6 Suspicious Attachment Hackers will send infected attachments via email that when opened unleash malware onto your computer. Unsolicited email attachments should always make you wary. It’s advised to never open an email attachment unless you are 100% confident the message is from a legitimate sender. In addition, legitimate companies will typically not send you attachments but instead ask you to download forms directly from their website.
High-risk attachments to keep an eye out for are .exe, .scr, and .zip files. The chances the attachment contains malware increases with uncommon file types like these. For most of us, opening the attachment right away might seem natural – especially if it’s an unsolicited, puzzling phishing email. Your instinct might be to click on the attachment to have more info. But this kind of thinking is what hackers are counting on when they send scam emails.
Final Thoughts Remaining vigilant when it comes to your email is the best way to prevent phishing hacks. We are often in a hurry when we comb through our inbox, but this is an easy way to get taken in by a scam. Always take an extra second to review unexpected emails or messages from unknown senders – trust us, you’ll be glad you did.
David Share – Director at Amazing Support has held positions as Operations Director and Head of IT in legal and professional firms for more than 10 years. He is a Director and co-owner of Amazing Support, an Award-Winning, Microsoft Silver & Cyber Essentials accredited specialist managed IT Support and Cyber Security Company.