Everyone knows that phishing scams are a huge concern, but what do they actually look like?
While many fraudulent messages are easy to spot, some take a lot more inspection to work out whether they’re real or not. So what can you do? Here’s a checklist of things to look out for, to protect yourself from phishing.
1. An Unusual Sender Address
Phishing scams often take place via email, so it’s crucial that you’re vigilant about who you’re communicating with. It’s likely that, when you receive an email, you don’t check the address of the sender. But this can be a key indicator of a phishing scam. Let’s consider an example to understand why this is.
Say you’ve received an email from Postmates claiming that your payment details have expired and you need to update them. While this may seem like a fairly harmless communication, it’s always crucial that you run a quick scan whenever information is being requested from you, especially if that information is private.
Let’s say in this scenario that the email address of the sender reads “p0stmates”, or maybe “post-mates”. These slight alterations to the official company name can be indicative of a phishing scam. Check the official email addresses used by Postmates or any alleged trusted party that states your information is required.
On the other hand, if you’ve received a social media message from an allegedly official account, check the account itself to see if this is the case. If the account is new, the follower number is low, or it’s missing a verification tick, consider this a possible red flag.
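The sender-address check from this section can be automated. The Python sketch below is an added example, not part of the original article: it undoes digit-for-letter swaps and hyphens of the "p0stmates" and "post-mates" kind and compares the result against an allowlist. The allowlist contents, the 0.85 similarity threshold and the sample headers are assumptions made for illustration.

```python
import difflib
from email.utils import parseaddr

# Assumption: an allowlist of sending domains you have verified yourself.
TRUSTED_DOMAINS = {"postmates.com"}

# Digit-for-letter swaps of the "p0stmates" kind.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Comparison form: lowercase, digit swaps undone, hyphens removed."""
    return domain.lower().translate(SWAPS).replace("-", "")


def check_sender(from_header):
    """Classify a From: header as 'trusted', 'lookalike' or 'unknown'."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown", ""
    for good in TRUSTED_DOMAINS:
        if domain == good or domain.endswith("." + good):
            return "trusted", domain
    # Naive registrable domain (last two labels); a production check
    # would use the Public Suffix List instead.
    base = ".".join(domain.split(".")[-2:])
    for good in TRUSTED_DOMAINS:
        ratio = difflib.SequenceMatcher(None, skeleton(base), skeleton(good)).ratio()
        if ratio >= 0.85:  # identical skeleton or a one/two character near miss
            return "lookalike", domain
    return "unknown", domain


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ["Postmates <no-reply@postmates.com>",
                   "Postmates <billing@p0stmates.com>",
                   "support@post-mates.com",
                   "news@example.net"]:
        print(header, "->", check_sender(header))
```

An "unknown" verdict only means the domain resembles nothing on the allowlist; it says nothing about whether the sender is safe.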
2. Multiple In-Text Errors
If you receive an email from what claims to be an official body, such as a big retailer or government branch, you’d expect the spelling and grammar of the email to be nothing short of immaculate. While errors can sometimes slip through the cracks even when the sender is legitimate, it’s rare that you’ll receive an email from a trusted party that’s littered with mistakes.
Spelling and grammatical errors can provide very clear signs of a phishing scam. Look out for such inconsistencies in any email, text, or social media message you receive. You can even use a typing assistant or spell-checking tool like Grammarly to quickly scan an email for errors.
3. “Urgent” Messages
If there’s one thing that gets people nervous, it’s urgent matters.
If an email states you’ve got a few months to perform an action, you may put it off for some time and not worry about it too much. However, if you receive an email stating that you must take immediate action to avoid consequences, you’re far more likely to comply without question. Cybercriminals know this, and will therefore inject a sense of urgency into their phishing emails to put you under pressure.
So, if you ever receive an email that stresses high urgency, don’t panic. It’s much safer to check the email for suspicious signs first and then act if you feel the sender is to be trusted.
4. Unusual Attachments
Attachments are pretty commonplace in emails. Whether it’s an image, a document, or similar, attachments themselves are by no means cause for concern much of the time. However, malicious attachments are often used by cybercriminals to install malware onto your device without your knowledge. It’s always best to vet any attachments you receive to ensure they’re safe to open.
The first step here would be to use your antivirus software. Today, many antivirus providers offer email or attachment scanners, which allow you to determine whether a file you’ve been sent is malicious. This can be done in a matter of minutes and is absolutely worth the extra steps.
Additionally, you should check to see if any given attachment looks suspicious at face value. The file type of an attachment can be especially telling. Typically, attachments will come in the form of .pdf, .jpg, .csv, .bmp, .doc, and .docx. If you ever receive an attachment that falls under the file types .exe, .vbs, .wsf, .cpl, or .cmd, proceed with caution. Such file types are often used by attackers to infiltrate your device.
However, these file types can sometimes be entirely benign, and even seemingly common file types can be malicious, so it’s key to scan attachments using your antivirus software before clicking.
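The face-value file type check can be run over a whole message before anything is opened. This Python sketch is an added example, not part of the original article: it parses a raw email with the standard library and labels each attachment using the two extension lists given above. It goes one step beyond the text by also flagging a common extension placed in front of a risky one (for example `.pdf.exe`). The sample message is constructed, and a "common type" result is not a clean bill of health.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Extension lists taken from the article text.
COMMON = {".pdf", ".jpg", ".csv", ".bmp", ".doc", ".docx"}
CAUTION = {".exe", ".vbs", ".wsf", ".cpl", ".cmd"}


def triage_attachments(raw_email):
    """Return {filename: verdict} for every attachment in a raw message."""
    msg = message_from_string(raw_email, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().rstrip(".")
        stem, ext = os.path.splitext(name.lower())
        inner = os.path.splitext(stem)[1]  # extension hidden before the real one
        if ext in CAUTION and inner in COMMON:
            verdict = "caution: disguised double extension"
        elif ext in CAUTION:
            verdict = "caution: executable or script type"
        elif ext in COMMON:
            verdict = "common type: still scan before opening"
        else:
            verdict = "unlisted type: scan before opening"
        results[name] = verdict
    return results


def build_sample():
    """Constructed message with three attachments (placeholder bytes only)."""
    m = EmailMessage()
    m["From"] = "billing@p0stmates.example"
    m["Subject"] = "Update your payment details"
    m.set_content("Please see the attached files.")
    for filename in ("receipt.pdf", "Invoice.pdf.EXE", "update.vbs"):
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for name, verdict in triage_attachments(build_sample()).items():
        print(f"{name}: {verdict}")
```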
5. Provided Links
Malicious links often form the basis of phishing scams. In a typical phishing swindle, an attacker will send their target an email with a link that they’re advised to click on. The attacker may claim this is a login page, verification page, or similar. Such pages will often require the entry of information, which is where the scam comes in. Phishing websites track the information you enter, allowing the attacker to use this data to their advantage.
To avoid clicking on malicious links, run any given link through a link-checking website. These sites will scan the link you provide to determine whether it’s safe or not to access. If the website deems the link malicious, steer clear, and block the sender who provided you with it.
6. Sensitive Information Is Requested
On the dark web, your private information can be valuable. Login information, payment details, social security numbers, and home addresses are all sought-after kinds of data that attackers can either sell to other malicious parties or exploit for their own benefit. Even your passport or driving license can be worth a lot on the dark web’s illicit marketplaces.
So, if you ever receive an email requesting any kind of sensitive information, take a pause to run some checks. Check the provided links, the attachments, the sender address, and other factors before even considering providing your sensitive information, as once the attacker has this, they can potentially cause a lot of damage.
7. Your Email Provider Flags an Email
Many email providers are equipped with an anti-spam feature that picks up on emails that are likely spam. Your email provider will notify you if this is the case, often with a warning bar at the top of the message. If you receive this kind of warning on any given email, you might be dealing with a phishing scam, as there’s a good chance the email you’ve been sent has also been sent to hundreds or thousands of other recipients.
While your email provider’s spam detector may not be accurate 100 percent of the time, it’s worth taking note of any warning you do get and then running other checks to see if the email in question is truly malicious.
Phishing Is Commonplace: Stay Vigilant
It’s easy to assume that you’ll never be the victim of any kind of online scam, but cybercrime is so prevalent that there’s nothing stopping any given attacker from targeting you next. You’re always better off vetting your communications to ensure they’re entirely benign. Phishing emails can be surprisingly convincing nowadays, so taking the steps listed above can help you weed out any potential scams.