Recognizing a phishing scam

Cyber-criminals use phishing emails as their favorite option for scamming people. Phishing attacks are email messages that appear to come from a valid sender (e.g. your bank or your ISP) and request private information, such as your credit card info or account details, with the purpose of committing identity theft.

A “successful” phishing email begins with a carefully designed subject line that will attract the recipient’s interest. One example of a phishing email subject can be “You are entitled to money refund”. Then in the email body, the cyber-criminal who sent the phishing email will prompt you to enter your account details and other personal information so as to “arrange the refund”.

This is why you have to learn how to recognize a phishing scam.

The bullets below can help you detect phishing scams.

  • You will notice that phishing emails may appear to address you personally, but you won’t find your name mentioned anywhere.
  • Phishing emails usually contain at least one hyperlink which you will be requested to click. You can hover your mouse over the hyperlink and see whether the targeted site is the same as the one mentioned. Also, the site may seem valid to you, but note whether it starts with http or https. Reputable sites use https, so if the hyperlink sends you to an http site, it most probably is a phishing URL. An https address on its own does not prove that a site is legitimate, though, because phishing sites can use https too.
  • If you notice typos or poorly constructed sentences in the email, treat them as a warning sign of phishing, but don’t assume that all phishing emails contain such errors.
  • Hackers will use elements like company logos, privacy policies, and company details in their phishing emails in an attempt to make the email seem legitimate. Don’t be fooled by these. Carefully study the content of the email.
  • Warnings that don’t sound quite right should also alarm you. Such warnings can be: “Need to validate your bank account record as soon as possible (ASAP) so you can continue receiving payments” or “Update your web banking credentials asap or your account will be deactivated”.

Advanced hackers are also creating sites that appear as replicas of valid sites, such as a bank’s website. Their aim is to have you click on the link that redirects you to their phony site. You would then enter your credentials, believing you are on the actual site, and they will store them and use them to impersonate you.

The best advice I can give you is to never click on links contained in emails and to avoid opening attachments if the sender is unknown. If you are tempted to open an email that seems to have been sent from an important contact but you are afraid that it may be a phishing scam, you should consider calling that contact to confirm it.
