Phishing is an important tool in an online scammer’s toolkit. There are many variations, but the basic premise is to use deceptive communication (commonly emails, but also phone and video) to gain access to information. Commonly, this is financial information (credit cards/bank accounts) or passwords…or essentially any other information that might be useful to a scammer!
Luckily, one of the better ways to defend yourself against phishing is simply paying attention. If something seems unusual with an email, it’s worth taking an extra second to re-examine and double-check. If an email is particularly concerning (for example, a fraud alert from XYZ Bank when you recently used your XYZ Bank card on a website that you weren’t sure of), we recommend contacting the Fraud department of XYZ Bank using a phone number on the card or on the bank’s website rather than clicking links in a sketchy email. (These types of events are often a coincidence benefitting the scammer and can appear quite convincing when they occur!)
A Few Things to Look Out For:
- Poor Grammar/Spelling and Unusual greetings or phrases
Very often, malicious actors and scammers originate from outside U.S. borders. Because English is often their second language, you will encounter errors in spelling and grammar, or simply odd phrases and use of language resulting from a translator app. Additionally, scammers will often re-use messages without knowing the English is poor, which perpetuates the cycle.
- Urgency or Deadlines
Because scammers want to get a fast and emotional reaction, phishing emails will attempt to create a sense of urgency. This can be accomplished in a variety of ways—your boss wants you to act, or there is a security issue, or a must-have promotion at your favorite store—but the theme is to have the recipient act without stopping to think.
- Inconsistency in email addresses and links
This one is basic but far too often overlooked. If you’re (supposedly) getting an email from Target but the email address is gmail.com and links send you to abc-exploits.com, your security antennae should be buzzing. Something is clearly wrong here. There are, admittedly, times when marketing/tracking links will not point to (in this case) Target.com, but inconsistency is one telltale clue that a scammer is in your midst. It’s important to note that checking where a link really goes is much easier on a PC (by hovering a mouse over it) than on a mobile phone.
- Suspicious Attachments
Unexpected attachments should be an immediate red flag. Many different file types can execute macros or other malicious code. Said another way, a file does not need to be an .exe file to cause havoc. If you’re not expecting an attachment with an email, treat it with extreme caution.
- Emails requesting passwords or other credentials
Asking directly for an email or password is relatively lazy, but there are lazy scammers just like there are lazy everything elses! It goes without saying that this is a mighty large red flag. If there is a reason to share this type of sensitive information (which there rarely is), we recommend discussing it with a person directly rather than sending the info into the digital ether.
Being aware of these techniques and telltale signs of a scammer will help you and your family, staff, or friends avoid digital and identity theft this holiday season! If you have a few extra minutes, you may also benefit from our IT security post from last holiday season.
One of the best ways to remain vigilant against phishing is to enroll yourself and your employees in Security Awareness Training. One of our partners in this is KnowBe4, who offer a great security awareness product. You can even try a basic Phishing test on us!
Want some help from a team of experts? Contact Us!