Phishing scams are a type of cyberattack in which a cybercriminal sends you an email that seems to be from an authentic source, in the hopes of tricking you into handing over sensitive information. The email might appear to come from your bank, your colleague, a company you’re subscribed to, or a company you’ve never even heard of. Having a more secure email system can help you avoid phishing scams, and so can using a control panel to manage your own emails.
Why do people fall for phishing scams?
You might think that only very gullible people ever fall for phishing scams, but that’s not true. Some scam emails are poorly written on purpose, to ensure that only the most gullible people ever fall for them, because these people are more likely to hand over their sensitive information. But some phishing scams are so well written that even the most tech-savvy among us could fall for them.
How phishing scams work:
With more convincing phishing scams, cybercriminals go out of their way to create a perfect replica of a website you really do have an account with. Sometimes, every link in the email goes to the actual website except the link that asks for your username and password. That link will go to the cybercriminals’ website, so that when you enter your username and password, they can collect your information and gain full access to your account. Phishing scams will often give you a convincing reason to click links in the email. Here are some of the most common things they’ll tell you:
- There’s a problem with your account or payment information, and you need to click the link to resolve it
- They’ve noticed suspicious activity with your account, and they need you to confirm your identity
- They’d like to offer you a coupon, and you need to click the link to download it
- Your account is on hold because there’s a billing problem
These tricks are convincing, because they’re things that can and do happen even with a legitimate website. That’s why it’s so important that you arm yourself with these tell-tale signs that the email is actually a scam:
6 ways to spot phishing scams
- Unnecessary urgency
- The email address is wrong
- “Dear Customer”
- Bad grammar
- “Verify” your contact information
- Don’t have an account with the company
1. Unnecessary urgency
Scammers usually pressure their victims to respond quickly, so they don’t have time to think. The tone of the email is also designed to fill you with panic. The email might say that your account has been compromised and that you need to act quickly. Ironically enough, it might even say that unless you verify your identity by clicking the link in the email, hackers will steal your information.
2. The email address is wrong
Phishing scams usually look identical to emails that have been sent by your bank, a store, or a service you’ve subscribed to.
But, on closer inspection, you might notice that there’s something off about the email address.
The company’s name is spelled incorrectly. There might be two letters where there should only be one, or one of the letters might be missing. Sometimes, the email address includes the company’s name (spelled correctly), but the structure of the email address is wrong. So, it might be something like [email protected], or [email protected]. Don’t ignore these signs. If the email address is incorrect, don’t click any links in it.
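The two checks described so far (the one link that leaves the real website, and the sender address that is misspelled or structured wrongly) can be automated. This is an added example, not part of the original article; the trusted domain, sender and links are constructed samples on reserved .example/.test names, and the function names are hypothetical.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

HREF = re.compile(r'href="([^"]+)"', re.I)

def edit_distance(a, b):
    """Levenshtein distance (single-character insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(host, trusted):
    """Compare a sender or link host with the domain the company really uses."""
    host, trusted = host.lower().rstrip("."), trusted.lower()
    if host == trusted or host.endswith("." + trusted):
        return "match"
    brand = trusted.split(".")[0]
    if brand in host:  # name spelled correctly, but the structure is wrong
        return "brand-misplaced"
    # One doubled or missing letter is an edit distance of exactly 1.
    if any(edit_distance(label, brand) == 1 for label in host.split(".")):
        return "misspelled"
    return "unrelated"

def review_email(from_header, html_body, trusted):
    """Return (where, host, verdict) for every host that is not the trusted domain."""
    hosts = [("sender", parseaddr(from_header)[1].rpartition("@")[2])]
    hosts += [("link", urlsplit(u).hostname or "") for u in HREF.findall(html_body)]
    findings = []
    for where, host in hosts:
        verdict = classify_domain(host, trusted)
        if verdict != "match":
            findings.append((where, host, verdict))
    return findings

# Constructed sample: reserved .example/.test names, not a real company or message.
TRUSTED = "examplebank.example"
SAMPLE_FROM = '"Example Bank" <alerts@exampplebank.example>'
SAMPLE_BODY = (
    '<a href="https://examplebank.example/help">Help</a> '
    '<a href="https://examplebank.example/privacy">Privacy</a> '
    '<a href="https://examplebank.example.secure-login.test/signin">Confirm</a>'
)

if __name__ == "__main__":
    for finding in review_email(SAMPLE_FROM, SAMPLE_BODY, TRUSTED):
        print(finding)
```

A "match" verdict only means the visible address and links are spelled and structured correctly; it does not prove who sent the message.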
3. “Dear Customer”
When you get an email from a company you have an account with, that email usually addresses you by name. If an email addresses you with a vague title like “Dear Customer” or “Dear Valued Customer” or even just “Hello, Dear”, you’re probably looking at a scam. Google the company’s phone number and call them to make sure. Do NOT use the phone number in the email. This will just direct you to the scammers’ phone line.
4. Bad grammar
A poorly written email is a tell-tale sign that an email isn’t coming from a legitimate company. Most big companies don’t send out emails riddled with bad grammar and obvious spelling errors.
5. The sender asks you to “verify” your contact information
If an email appears to be coming from a legitimate source, but it asks for information that you’d never usually be required to provide, such as your banking details or login credentials, that email is probably a sophisticated phishing scam. If you think the email might be genuine, google the company’s contact information and call them to make sure. Again, never use the contact information listed in the email.
6. You don’t have an account with the company
This is one of the surest signs that an email that appears to be legitimate is actually a phishing scam. If you don’t have an account with the company sending you the email, it’s almost definitely a scam.
Some phishing scams are laughably obvious, but some aren’t so easy to spot.
The Takeaway
Some cybercriminals spend hours painstakingly recreating the tone and feel of emails from legitimate companies. And they know it’s hard for people to focus when they’re in a panic, so they’ll write an email that’s designed to get your adrenaline pumping. The top tip to take from this guide is to slow down. Pay attention to every detail of the email. Look for misspellings in the email address and in the email itself. Ask yourself whether the company’s ever asked you for this much information. And verify the email by calling the company, just to make sure. When you reach out to the company, make sure you google the company’s contact info yourself. And never, ever try to contact the company using the contact information in the suspicious email.