How to Avoid Being Scammed or Phished by Email
What are Phishing Emails?
There is an unfortunately high number of victims when it comes to financial scams and identity theft. One of the most common ways that criminals target victims is via email. You've likely seen a phishing email yourself at some point in the past. They are emails that are disguised to look as though they are coming from a reputable company or organization when, in fact, they are coming from a fraudulent person or group that is attempting to scam the receiver of the email in some way. The term comes from the act of the criminal attempting to "phish" for information, with their emails serving as bait.
Typically, the senders of phishing emails will use a template of a popular company that is familiar to a lot of people, such as UPS or Amazon.com. So many people use these websites and services and receive legitimate emails from them, so fraudsters can target a large number of people at once. If someone regularly shops at Amazon.com then a malicious email with the same template that they're used to seeing may be easily overlooked. If the email stated, for instance, that a seller had a question and to "click this link" to view the question, the user might click the link. Clicking the link may take the user to a fake website that is made to look like the original. It may request that the user type in their username and password to proceed. If this is typed in, the fraudster now has access to that information.
There are different types of phishing emails and scams, and not all of them serve the same purpose. There are a variety of motives behind fraudulent emails: seeking to gain personal information, attempting to gain access to different accounts including bank accounts and online gaming accounts, attempting to infect individuals or businesses with viruses, and a number of others. It can be a very lucrative business for criminals and costly for its victims.
These types of email scams can trick anybody. Never feel ashamed if you've fallen for one. The more aware you become of them and the more cautious you are, the better your chances of avoiding them.
Continue reading below for information on how to spot phishing emails and scams.
How to Spot a Phishing Email
Although fraudsters are getting better and better at creating fake emails that look authentic, there are a number of ways that you can spot whether an email is really from the person or company that is listed as the sender.
Some phishing emails are much more obvious than others. Oftentimes you can tell an email is fake simply by observing the numerous spelling errors. Fraudulent individuals who attempt to phish your personal information are not always proficient English speakers, so you may be able to spot spelling and grammar mistakes.
Most phishing emails request the receiver to click on a link to verify information, confirm an order, or respond to a question. If you click the link you may be redirected to a website that looks similar to the one you intended to visit but is actually a fake website set up to steal your personal information. If you enter your username and password, that information is sent to the scammer rather than logging you into your account.
You can hover your mouse over a link without actually clicking it so that it displays the URL that it is actually linking to. The URL may be similar to the real website but typically contains an extra word or letters.
If you're ever in doubt, don't click on any link! You can visit the website directly by entering the URL in another window and logging in to your account from there.
Another sign that an email may be a phishing scam is the greeting. Legitimate companies that you do business with or interact with will likely address you by your real name. A scammer attempting to phish you may address you simply as "customer", "account holder" or another generic term.
Sample Phishing Email From Canada Revenue
Sample Phishing Email from Ebay
Signs That an Email is a Phishing Scam
- The email requests that you click on a link
- Spelling and grammar mistakes
- The sender of the email has a strange name or the "from" URL does not match the business' website URL
- Usually the message seems urgent in nature
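For readers who filter mail for a family or a small business, the same checks can be automated. The following is an added example, not part of the original article: it applies the link, sender, greeting and urgency signs to a raw message. The phrase lists, the function names and the `example.com` / `.test` addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrase lists for illustration; tune them for your own mail.
GENERIC_GREETINGS = ("dear customer", "dear account holder", "dear user")
URGENT_WORDS = ("urgent", "immediately", "suspended", "within 24 hours")

# Constructed sample message; example.com stands in for the real business.
SAMPLE = """From: "Example Support" <support@example-accounts.test>
Content-Type: text/html

<p>Dear customer, your account will be suspended.</p>
<a href="http://example.com.login-check.test/signin">Click this link</a>
"""

class LinkCollector(HTMLParser):
    """Collect the real target (href) of every link, as hovering would show."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def belongs_to(host, expected_domain):
    """True only if host is expected_domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == expected_domain or host.endswith("." + expected_domain)

def phishing_signs(raw_email, expected_domain):
    """Return which of the article's warning signs a raw message shows."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    collector = LinkCollector()
    collector.feed(body)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    signs = []
    if any(not belongs_to(urlparse(h).hostname, expected_domain) for h in collector.hrefs):
        signs.append("link leaves " + expected_domain)
    if not belongs_to(sender_host, expected_domain):
        signs.append("sender domain mismatch")
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        signs.append("generic greeting")
    if any(w in body.lower() for w in URGENT_WORDS):
        signs.append("urgent wording")
    return signs
```

Note that the sample link begins with the real name (`example.com.`) but actually belongs to a different site, which is why the check compares the end of the host name and does not simply look for the brand somewhere in the URL.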
How to Report a Phishing Scam
The way in which you might report a phishing scam may be different depending on where you live.
The best option is to contact the business that the emails are imitating and inform them that someone attempted to phish you by pretending to be them. Otherwise you can report it to your local authorities. An investigation may be started but it is likely that the perpetrators will not be found as they often conceal their identities quite well using a variety of tools.
If you were successfully phished and have had your identity stolen, then you will need to take further steps to protect your information and mitigate losses. You may wish to inform your credit card company or bank, change the passwords for all of your accounts, or inform your employer if it happened on a work computer, as this may compromise the company.
Additional Resources
- Security Awareness Training | Bait & Phish
Bait and Phish is a great corporate tool that can be used to analyze security risk and assign security awareness training. (www.baitandphish.com)
- Phishing Data - Attack statistics
Data and statistics on Phishing Attacks
- Email Fraud and Phishing
Awareness and information regarding fraudulent email phish attacks and scams. (http://www.rcmp-grc.gc.ca/scams-fraudes/phishing-eng.htm)