6 Tips to Spot Phishing Like an Expert
You'll never go through your inbox the same.
Who bothers to research what the latest scams, malware or phishing techniques are? Not too many of us.
That's because we all have more fun things to do online.
Besides, you're too smart to be scammed or fooled by some half-brain online trickster.
Or are you? According to most statistics, most of us (more than 90%) wouldn't easily identify a "sophisticated" phishing attempt.
("Phishing," if you need a refresher on the term, is an attempt by a hacker to lure you into falling for a scam, usually a deceptive email. If you bite on the bait, you can be tricked into giving up some valuable information to a hacker.)
There are phishing phone calls and emails, but phishing email cons are by far the most effective.
Because not enough people are aware that phishing is so commonplace. One estimate tells us that more than 150 MILLION phishing (deceptive) emails are sent out every day.
Those crooked hooks manage to catch 80,000 victims daily.
Don't be one of them.
The best thing to do is use this six-point filter to spot the shiny online lures that are trying to hook you.
If you spot one of these common email approaches, it is likely a phishing email.
Did they ask for personal information?
Don't give it. No matter how legitimate an email may seem or look, your real bank or credit card account will NEVER ask you to verify personal information again! If ANY email requests your account number, or driver license and Social Security numbers, it's certainly a phishing attempt. Think about it: when was the last time your bank contacted you by email? Probably, never! Don't be fooled.
The URL in an email doesn't match the actual online address.
It's a trap. If you were to click on a link in phishing email pretending to be a real company agency (the IRS, for example), it would take you to a bogus website—and you'd discover, upon examination, that the URL in address bar, doesn't match up to either...
- The way the address was in the email
- The usual (and real) email address for that organization
What's going on?
It's important that you know a spammer can create a link that looks legitimate on the page, but when you click on it, it takes you to a bogus page run by the online thieves. You might easily download malware or, if you're totally fooled, send off some private confidential data.
Spammers don't use dictionaries or spell check. If you see errors, move on.
Banks and other formal institutions can't afford to look incompetent or inefficient to their customers, which is why their communications are typically flawless. Not so with most phishing attempts. Some of the easiest tip-offs to a phishing email are poor grammar and obvious spelling mistakes. For example, an email supposedly from your bank says you need to update your acount information or provide your personal indentification number once more. Hopefully you caught those mistakes.
If you think you won, you'll lose. Don't get blinded by greed.
People don't win contests they never entered. Still, you wouldn't believe how many people will click on a link just to satisfy their curiosity to see what it is they supposedly won. Marketers have used "you've won" lures for decades, and now spammers use it too to get victims to take the bait. The second you see a contest-winning announcement email of any kind, delete it! You won't be losing out; you'll be saving yourself a lot of grief.
The authorities are not coming to get you. Don't buckle under.
Most people go out of their way to stay out of trouble. So, when someone gets an email (or even a phone call) that says they've broken some law and need to pay a fine IMMEDIATELY or risk going jail, it surely gets attention. That's what scammers are hoping for. They will intimidate you (and older people, especially) with threats of seizing their home or assets. Know this fact and spread the word: Government agencies simply don't operate that way. When in doubt, look up the number of the credit card company or IRS office on your statement and call them...but never reply to threats.
Someone wants money first? Don't send it.
Your brother might send an email to you saying you owe him $100, and chances are you know that. But if a credit card company (current or from your past) sends you an email and a payment request for $1,000 and directs you a website for payment—and you don't know anything about it—don't bite! Never send money unless you know exactly who you're sending it to and why. Scammers get money from victims for two simple reasons.
- They ask for it (demand, trick, confuse)
- People send it to them!
It's as simple as that. If you don't send money, they'll ignore you and move on to the next victim.
Knock knock. "Who's there?"
You were taught as a kid not to open the door for everybody (or anyone)—not until you learned whom to trust and to recognize trusted people and faces.
The same logic applies today to emails in your inbox, demanding your attention and to be answered. You can't just let anyone in these days without looking at their intentions.
You have to filter every communication you get. The bottom line is, it's more than okay to ignore emails from people you don't know, don't trust and don't owe any money to.
That's how to stay safe in today's online world.