- Internet & the Web
Spot and Avoid Phishing Scams - A Primer on Phishing
The word phishing comes from "fishing" where people fishing drop bait into waters and wait for fish to bite it so that they can catch them. Similarly, bad people, out there, are trying to lay their hands on your details so that they can use it for their benefits. These details can be used against you and may also result in an identity theft. This hub tells you how to spot phishing scams and is for audience who still do not know how to differentiate between regular and scam emails.
What is Phishing?
Phishing is an attempt to steal your information by promising you something that you were never expecting. The attempt is to lure you into a trap - which may or may not also include social engineering - and make you give away all your details in lieu of something huge but fake.
In most cases, the phishing emails promise you loads of money and ask you for your information. In other cases, they direct you to a lookalike website and capture (steal) all your data. For example, they may make an email look like it is from PayPal and when you click on the links embedded in the email, it takes you to a website that looks like PayPal but is not PayPal. When you enter your information, it is stolen. In still some other cases, they promise you a huge sum of money as loan or as donation and make you pay some money upfront. You pay the money and keep waiting for your loan while the people involved are comfortably living off that money. You have to be careful and not fall for any such phishing emails.
How to Spot Phishing Scams?
There are some easy methods to spot phishing scams like spellings and email addresses etc. This section takes a look at these methods.
Origin of Email: The first thing to check in case of emails that seem to appear from your bank or anything similar, is the origin of email address. If it is in the format of email@example.com, it is not from your bank as it shows it is from something.com. Some may take a step ahead and create email IDs like info@bank_name.something.com. Again in this case, the bank_name is just a subdomain of something.com and the email origin is that subdomain and not your bank. If the email source is something like firstname.lastname@example.org, you will have reasons to trust the email.
Cross Check With Sender: If you are not sure, call up your bank, PayPal Support or any other institutions that the emails looks to be from. Genuine financial institutions do not ask for your details in an email.
Who is the Email Addressed To? Check to see who the addressee is. In most phishing scam cases, the To field is empty or generally "recipients" etc. If the To field or CC field does not contain your email address and the email does not address you by your name, don’t fall for it.
Donations: No one would want to donate huge sums of money to someone they do not know. If they really wish to donate money, they will perform background checks of charities/trusts and then give it to charity (the researched institutions). Do not even care to reply to such emails. Simply delete them.
Money Transfers: You may receive what seems to be genuine letters, written by the core of their heart, about how they are dying or are oppressed and hence wish to transfer huge sums of money to your bank accounts and offer you a percentage for the transactions. Replying to such emails is calling for trouble. You may get into legal hassles even if the transactions are genuine. But in most cases, it is just to get your details and then use them for unwanted purposes.
Loan Offers: Random emails from loan companies look genuine. But beware as they will ask you to provide an upfront payment so that they can get the loan insured. That does not happen. Even if you pay the money upfront, the loan money will never come. This is just a technique being adopted by phishing people to lure people as everyone has plenty of needs and may easily fall for an unsecured loan. But you know it is not the case. It is just phishing.
Check the URL in Email: If the emails contain hyperlinked text, hover your mouse over it. A small information window may appear - showing you the URL. If the window does not appear, right click on the hyperlinked text and click on copy link. Then paste it in Notepad or somewhere to see what it is exactly. Again, check to see if the URL is genuine by following steps outlining above. For example, http://paypal.something.com is not PayPal. Only http://paypal.com is PayPal.
You Won A Contest? Some emails claim that you won a prize. Don't be happy. Try to remember if you entered any contest. If not, then how can you win? Common sense here is to not go for prizes of contests you did not enter. Similarly, emails saying "Your package is Waiting To Be Delivered" are phishing scams. You need not know about the package if you never ordered anything. Don't EVER open attachments that are generally sent in with such emails. The attachments could be malware that can log in your keystrokes and send information back to the sender of such emails.
Always Use Original URL: Many a times, you will receive mails from imposters posing as financial institutions such as PayPal. The content of such emails say you should take immediate action after confusing you by saying the account is blocked or something similar. DO NOT CLICK URLS IN EMAIL. Use the original URLs. That means, instead of clicking the hyperlinks in the email, open your browser and use original URLs to get to the site to see the account status.
Above are some hints on how to spot phishing scams. If you have more hints, please share with others.