The world increasingly relies on digital communication, and scammers have learned to use this to their advantage. Phishing is one popular and effective method of stealing unsuspecting consumers’ sensitive information and gaining access to their electronic devices and financial accounts.
What is “phishing”?
A phishing email is an email that appears to be from a legitimate business or someone you know. A few examples are emails that appear to be from your bank, your credit card company or online retailers such as Amazon.com or eBay.com. The sole purpose of all phishing emails is to get you to take a specific action. It could be to get you to click on a link in the email, forward the email to your contacts or open an attachment on the email.
Phishers typically use very compelling messages to get you to act. They may falsely inform you of unauthorized activity on one of your accounts and require that you either approve the activity or secure your account. Another tactic is to send out a fake “order confirmation” email for a purchase you did not make. Scammers utilize our desire to keep our information secure and investigate suspicious activity to trick us into clicking on a link or downloading an attachment that actually makes us more vulnerable to theft. Following any instructions contained in a phishing email could spell disaster.
Links: When clicked, a link may either install malware (software with malicious intent) on your computer or take you to a legitimate-looking website that asks for your sensitive information, such as your Social Security number or credit card information.
Forwarding: When you forward a phishing email, you are also blind copying the creator of the email. The phisher now has your information and the contact information for whomever you forwarded the email to. This also establishes a connection between you and the people you forwarded the message to. Scammers then use this knowledge to send your contacts phishing emails that appear to be from you. This is known as “spear phishing.”
Attachments: The attachment could be an image (.jpg, .tif or .png), a document (.docx or .pdf), a presentation (.pptx) or any other type of attachment (.exe or .php). When you open the attachment, you are installing malware on your computer. The malware could be a keylogger that records your keystrokes to steal user names and passwords, a program that gives a scammer remote access to your device, a Trojan horse, a worm or any other type of executable file created to do harm.
Warning Signs of Phishing
The best way to protect yourself from phishing is to learn how to distinguish which emails are legitimate and which ones are not. Here are a few common characteristics of a phishing email:
- The email starts with a generic greeting, such as “Dear Customer”
- You do not have an account with the sender (e.g., a bank or retail company)
- The email is written in broken English or with numerous typos
- The email claims you won a contest you did not enter (e.g., Nigerian lottery)
- The email is a chain letter (e.g., forward this message to 20 people and you will have good luck for a year)
If you notice any of these red flags, delete the email. Do not click any links, open any attachments or forward the email to other people. Unfortunately, phishing emails are becoming more sophisticated, making them harder to detect at first sight. If the warning signs above are not enough to tell whether a message is legitimate, take these additional steps:
- Hover your cursor over the sender’s name to reveal the true sender's email address.
- Hover your cursor over the link in the email, but do not click on it, to see if the URL leads to a legitimate website that matches what is written in the email.
- Conduct an Internet search using the sender's email address, the email subject line or the name of the organization followed by the words “phishing email” to see if other people have reported the information as a scam.
- If the email appears to have come from someone you know, such as a friend or relative, simply call the person and ask if he or she sent the email.
- If you do have an account with the company that claims to have sent the email, do not take any actions requested in the message. Instead, go directly to their website and log in to view your account and look for discrepancies. If your account status does not match the email, then you know it was a phishing attempt and should delete the message. If there is unusual activity on your account, then it is likely you were hacked and need to change your log-in information and possibly contact the company and your financial institutions to reverse any fraudulent transactions.
Note: These same techniques can be applied to email messages you receive on your smartphone, tablet or other type of device.
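The two hover checks above can also be run against a saved copy of a message without opening it in a mail program. The following is an added example, not part of the original article: it uses Python's standard library to show the true sender address behind a display name and to list links whose written address differs from where they actually lead. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is a placeholder.
SAMPLE = '''From: "Example Bank Security" <alerts@mail.example.net>
Content-Type: text/html; charset="utf-8"

<p>Dear Customer, secure your account at
<a href="http://login.example.net/verify">www.examplebank.example</a> or read
<a href="https://www.examplebank.example/help">our help pages</a>.</p>
'''

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for each <a>: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def shown_host(text):
    """Hostname written in the link text (minus www.), or None if it names no site."""
    m = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", text.lower())
    return re.sub(r"^www\.", "", m.group(0)) if m else None

def inspect_email(raw):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    mismatched = []
    for text, href in collector.links:
        shown = shown_host(text)
        actual = re.sub(r"^www\.", "", urlparse(href).hostname or "")
        # Heuristic: the real host must be the written host or a subdomain of it.
        if shown and actual != shown and not actual.endswith("." + shown):
            mismatched.append((text, actual))
    return {"display_name": name, "true_sender": addr, "mismatched_links": mismatched}
```

Links whose visible text names no website (such as "our help pages") are not flagged by this comparison, so the destination of those links still has to be judged on its own.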
When it comes to phishing emails, it is better to be safe than sorry. Deleting a questionable email is typically the safest option. If it is really important, the person or business will attempt to contact you by phone or U.S. mail. If you don’t want to risk waiting, then contact them directly yourself. Just be sure to use verified contact information, not addresses or phone numbers contained in the suspicious email.
Take a few extra minutes to use the techniques listed in this article. If you do not, you will spend a lot of time and money trying to secure your information and repair the damage.