How to Avoid Phishing Email Scams
Deceptive schemes and fraudulent practices have always been around. And in today’s technology-fuelled world, it can often feel like we’re one click away from danger, as online scammers ceaselessly orchestrate the social engineering attack known as Phishing.
What is a Phishing Email?
Phishing, like traditional fishing, is all about luring a target into a trap. Cyber criminals use bogus emails, malicious attachments, plus fake websites, in order to exploit computer users’ personal data, including bank details, names, addresses, and account logins.
By posing as a legitimate source (usually a business, government agency, friend or family member) via email, Phishing scammers hope to hoodwink users into coughing up their private information with little fuss.
While Phishing can also be carried out via telephone and SMS in a similar fashion, we’ll just be covering the email variety here.
How to Identify Phishing Emails
The best way to steer clear of Phishing scams is by…well, steering clear of them altogether. Being able to spot a suspicious email is critical when it comes to staying safe; so remain vigilant for anything suspicious like:
- Sense of Urgency. Scammers don’t want to wait around for you to bite – they want you to bite NOW! And so, to get your attention and elicit an immediate response, they’ll make it seem like your world is going to end if you don’t start frantically trying to resolve the ‘apparent’ issue pronto. BE AWARE.
- Grammar, Spelling, Tone. Companies CARE about customer service. So, if an email claiming to be from a professional, authentic source, such as a bank or streaming service, is poorly constructed, with bad wording, sentence structure, layout, and tone of voice, then consider it fishy – or is it ‘Phishy’?
- Vagueness. Beyond the language and presentation of the email body, people who KNOW you really should be in the habit of addressing you by an actual name. We all have one, and it should be standard stuff when it comes to all correspondence. Tread carefully with emails that simply begin with “Dear customer” or “Dear Sir”.
- Hyperlinks. It’s in a scammer’s interest to be sneaky, which is why most Phishing emails contain hyperlinks that lead to dangerous destinations such as malicious websites. Don’t rush into clicking; instead, hover over them to reveal the true URL. For example, a ‘Confirm Your Amazon Order’ hyperlink may actually lead to ‘annazon.com’ (note the ‘nn’ vs. ‘m’).
- Attachments. It’s easy to send our friends and co-workers email attachments, including files such as photos, reports and forms. But it’s just as easy for cyber criminals to send malicious software, such as ransomware and data-mining malware, hidden behind innocuous-sounding file names like ‘Sales Report’ and ‘Flight Itinerary’. If in doubt, DON’T open.
- Suspicious Sender. We’ve already covered several ways to identify a potential Phishing email, but don’t forget about scrutinizing the sender, too. Scammers try to gain your trust by posing as trusted brands and organizations – but careful examination of their email address can often reveal the ruse. For instance, ‘firstname.lastname@example.org’ doesn’t offer much reassurance, does it?
How to Prevent Phishing Attacks
It’s often much easier to prevent a bad situation from happening than it is to struggle your way out of one. Here are a number of ways to stay ahead of scammers, keeping your data, finances and identity out of harm’s way:
- Trust Your Gut. Usually when something’s a little off, we can just sense it. So LISTEN to that feeling – because it could save you a lot of stress and heartache.
- Don’t Rush. Just because an email is urging you to react right away, it doesn’t mean that you have to lose control. Instead, breathe. Sit back. And take a moment to think.
- Check Hyperlinks. As we touched on above, hover your mouse over email hyperlinks to reveal the true destination URL. Don’t just trust the sender on blind faith.
- Check Sender Address. Check the name and specifically the email address. As we also touched on above, anything that sounds unfamiliar or strange should be treated with suspicion.
- If it Sounds Too Good to be True… Yeah, you know the saying. While real promos do exist on the internet, nobody reaches out to a complete stranger with a something-for-nothing, insanely good deal. They just don’t. So DON’T fall for it.
- Investigate the Claim. If you’re notified of an ‘urgent issue’, investigate the claim in a smarter, safer way. Ignore the email itself and instead go through official contact channels, such as those on the company’s OFFICIAL website.
- Ask Your Peers. Why not get a second opinion on a potential Phishing email? Ask a friend or co-worker what they think. The more minds, the better.
- Encourage Cyber Security Awareness. It’s easier to prevent Phishing scams when we understand and communicate them better. Report office incidents and concerns, and consider training staff in cyber security awareness and protocols.
- Use a Web Safety Tool. Cyber security products, such as Total WebShield, were designed to protect users from online threats such as those relating to Phishing scams. Features include malicious website blocking, along with tracker and pop-up blocking to bolster both security and privacy.
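The hover-and-compare check from the ‘Hyperlinks’ and ‘Check Hyperlinks’ items above can also be done automatically. The following is an added example, not part of the original article: it flags links whose real destination is a lookalike of a trusted domain (the ‘annazon.com’ case) or differs from the domain shown in the link text. The trusted list, the look-alike table and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re
TRUSTED = {"amazon.com"}  # assumption: domains the reader really deals with
# Look-alike character runs, each folded to the form it imitates.
CONFUSABLE = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Fold look-alike runs so 'annazon.com' and 'amazon.com' collide."""
    for fake, real in CONFUSABLE:
        domain = domain.replace(fake, real)
    return domain

def registrable(host):
    """Last two labels of a host name (simplified: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html):
    """Return (href, reason) findings for one HTML email body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = registrable(urlsplit(href).hostname or "")
        if host not in TRUSTED and skeleton(host) in {skeleton(t) for t in TRUSTED}:
            findings.append((href, "lookalike of trusted domain"))
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and registrable(shown.group(0)) != host:
            findings.append((href, "visible text names a different domain"))
    return findings
# Constructed sample email body (not from a real message).
SAMPLE = ('<a href="https://www.annazon.com/orders">Confirm Your Amazon Order</a>'
          '<a href="https://account-check.example.net/login">www.amazon.com</a>'
          '<a href="https://www.amazon.com/help">Help</a>')
```

Calling `check_links(SAMPLE)` reports the first two links and leaves the genuine one alone. A clean result is not proof that a link is safe, since the check only covers the two patterns described.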