
Everything You Need to Know About Phishing Scams


Email phishing scams are unfortunately common. They involve scammers trying to get important personal information from people via email by masquerading as a legitimate business or organization.

Phishers typically attempt to deceive their targets by creating fake versions of websites that look real. Users enter their information just as they would on the real site, allowing the scammers to collect it. They often initially approach their targets via email, although they may also call targets on the phone.

Guarding against phishing, both as someone who receives email and as someone who sends email, is important. Luckily, there are steps you can take to protect yourself.

Basic Signs of Phishing Scams

Phishers often imitate major brands and organizations when sending emails to targets. Google, Microsoft, and Facebook are among the brands imitated most often, but they are by no means the only companies phishers pretend to represent.

You should always be suspicious of unexpected emails from companies. This is particularly true if they claim to be sending urgent messages. Phishers try to get people to click on their emails by sending fake alerts about security concerns, financial irregularities, and similar issues.

You should also be suspicious when receiving emails with unexpected attachments. These could be malicious and should not be opened.

That said, phishers don’t always try to mimic companies that recipients have accounts with. Sometimes they pose as new contacts who are simply “reaching out” for information. Such emails should also be treated with caution.

How to Recognize Phishing Scam Sites

There are certain signs email recipients can look for to determine if they are being scammed. One is to simply compare the potentially “fake” site to the real thing. Although some scammers create very sophisticated mimic sites, many others make clear errors. If a site doesn’t look legitimate, it probably isn’t.

Sometimes the differences are subtle. For instance, a phisher might create a generally convincing fake site, but with a version of the company logo that doesn’t match the logo on the real site. Or perhaps the login button on a fake site is a slightly different color than the actual login button. Small details such as these are worth paying attention to. Additionally, these sites sometimes feature excessive banners, another warning sign to look out for.

Phishers may also slightly modify the URLs of popular sites to convince users to click on them. For instance, someone trying to get your bank account information might create a URL where just one or two of the letters are rearranged (“eaxmple.com” instead of “example.com”), hoping you won’t notice the difference. That’s why it’s always a good idea to carefully check a URL before clicking on it.

Look for HTTPS

Another easy way to avoid phishing scams is to simply avoid clicking on URLs that don’t begin with “https.” Its presence indicates that the connection to the site is encrypted. It does not by itself prove the site is legitimate, since phishing sites can use https too, so treat it as one check among several. If a site is still using the old “http” protocol, err on the side of caution and don’t visit it. While it’s possible that some older sites haven’t updated to https yet, the vast majority of reputable sites have made the switch by now.

Take Extra Steps

Phishers often get the attention of targets by pretending to represent banks or the IRS. If someone receives an email telling them they owe money, they may feel they need to click on it and take the recommended action.

Don’t make this mistake. The IRS and many banks typically don’t get in touch with people via email anyway. If you suspect they are legitimately trying to contact you, instead of clicking a link you receive in an email, visit the actual site directly and log in. This is a small extra step that can make a big difference.

You might also want to consider using a password manager. This makes it easy to log in to sites with just a single click. You’ll be more inclined to take the extra step described here if you don’t need to manually enter your password every single time.

It’s also worth noting that many of today’s security suite products offer anti-phishing features that can be very effective. For additional protection, you may want to look into upgrading yours if it doesn’t boast such features.

Check Registration Data

If you suspect a URL may have been created for a phishing scam, you can always check the WHOIS registration data for its domain. In most cases, phishing domains are fairly new. Don’t click on a URL that supposedly links to a reputable company’s site if you learn the domain is only a few months old. That’s an obvious sign that it’s not legitimate.
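The registration-age check can be scripted once you have the WHOIS text for a domain. The following is an added example, not part of the original article: it extracts the creation date from WHOIS output and reports whether the domain is younger than a threshold. The sample records are constructed, and the 180-day cutoff (standing in for "a few months"), the field labels and the function names are assumptions.

```python
import re
from datetime import datetime, timezone

# WHOIS field labels vary by registry; these are common ones (assumed set).
_CREATED = re.compile(
    r"^[ \t]*(?:Creation Date|Created On|Created|Registered on)[ \t]*:[ \t]*(.+?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)
_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ",
            "%Y-%m-%d %H:%M:%S", "%Y-%m-%d")

def creation_date(whois_text):
    """Return the registration date as an aware datetime, or None if absent."""
    m = _CREATED.search(whois_text)
    if not m:
        return None
    for fmt in _FORMATS:
        try:
            return datetime.strptime(m.group(1), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None  # field present but in a format this sketch does not parse

def assess(whois_text, now, min_age_days=180):
    """Return (verdict, age_in_days); verdict is 'recent', 'established' or 'unknown'."""
    created = creation_date(whois_text)
    if created is None:
        return "unknown", None  # redacted or unparsable: cannot be verified
    age = (now - created).days
    return ("recent" if age < min_age_days else "established"), age

# Constructed WHOIS excerpts, not real registry output.
SAMPLE_NEW = """Domain Name: EAXMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 2024-11-02T10:15:00Z
Registry Expiry Date: 2025-11-02T10:15:00Z
"""
SAMPLE_OLD = """Domain Name: EXAMPLE.COM
Creation Date: 1995-08-14T04:00:00Z
"""
SAMPLE_REDACTED = "Domain Name: EXAMPLE.TEST\nRegistrant: REDACTED FOR PRIVACY\n"
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed date so results repeat

if __name__ == "__main__":
    for name, text in (("new", SAMPLE_NEW), ("old", SAMPLE_OLD),
                       ("redacted", SAMPLE_REDACTED)):
        print(name, assess(text, NOW))
```

An "unknown" result should be treated as unverified rather than safe, since many registries redact or omit these fields.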

These are important points to keep in mind for anyone who uses email in any capacity. It’s unfortunately fairly common for scammers to try to take advantage of unsuspecting victims online. You can avoid this by exercising basic caution.

About the author

Rae Steinbach

Rae Steinbach is a graduate of Tufts University with a combined International Relations and Chinese degree. After spending time living and working abroad in China, she returned to NYC to pursue her career and continue curating quality content. Rae is passionate about travel, food, and writing (of course).