Have you ever gotten a text message stating that you have just won the lottery? Or perhaps you have received a warning email from your bank that requires you to fill out the attached form to unlock your account? Beware, you might become a victim of a phishing attack!
Phishing is a form of identity theft that tricks unsuspecting users into divulging their personal information, like passwords and credit card details, by posing as a legitimate entity.
Since phishing is the most commonly used tactic to attack organizations, it’s important to be aware of its telltale signs. Here are some ways to spot a phishing scam:
Warning Sign #1: It is badly written
If you have received a corporate message that’s riddled with spelling and grammatical mistakes, think twice, since it’s most likely a phishing attempt. Legitimate companies employ professional writers to make sure that their official communications are spotless.
Warning Sign #2: It does not address you by your name
Fraudsters may have your email address or contact number, but they do not always have your name, so be wary of messages that use generic greetings such as “Dear Sir or Madam,” “To whom it may concern,” or “Dear account holder.”
Warning Sign #3: The email address does not look right
Legitimate companies typically have customized email addresses such as firstname.lastname@example.org, which scammers mimic with slight alterations such as email@example.com. These fake email addresses look authentic at first glance, so make sure to examine them very carefully.
Warning Sign #4: It has lucrative offers
If it’s too good to be true, it most likely is. Sadly, the fact that “you’ve won a prize” pop-up ads and lottery scams are still prevalent means they still work. Impostors also take advantage of the Black Friday and Cyber Monday frenzy by sending tempting deals that entice shoppers to click on fake websites.
Warning Sign #5: It requests your personal information
Legitimate companies do not send emails or links asking for your sensitive data such as banking details or login credentials. If you think that there’s a possibility that it’s a genuine email, contact the organization directly but not using any of the communication methods provided in the message.
Warning Sign #6: It evokes a sense of urgency
Fraudsters usually employ scare tactics to elicit a fast, irrational response from their targets. For example, while posing as your bank, they will send you an email saying that your account has been compromised, and that it will be closed if you do not immediately provide your personal information to verify that you are the account owner.
They can also pretend to be the FBI and warn you that they have tracked illegal activity to your computer’s IP address. They will threaten to arrest you unless you fill out the attached form and remit bail (usually one bitcoin).
Warning Sign #7: There are suspicious attachments and links
Legitimate companies normally do not send you emails with attachments, but instead instruct you to download files from their company website. So if you receive an email with an attachment that you weren’t expecting or that doesn’t make sense, do not open it! It could contain malware.
Phishing attacks also commonly include links that direct you somewhere other than where they claim to. Before you click on any links, hover over them with your mouse and check the validity of the URL. Be careful of any changes in spelling or domain in the URL, such as www.redkeysolutions.net instead of www.redkeysolutions.com.
Also, be wary of shortened URLs. Phishers may use link shortening services like bit.ly to hide a link’s destination.
Reporting phishing scams
If any of these warning signs lead you to believe that you are being phished, report it to the following organizations immediately:
- Federal Trade Commission (FTC) at firstname.lastname@example.org or https://www.ftccomplaintassistant.gov/#&panel1-1
- Anti-Phishing Working Group at email@example.com
- United States Computer Emergency Readiness Team (US CERT) at firstname.lastname@example.org
- FBI’s Internet Crime Complaint Center (IC3) at https://www.ic3.gov/default.aspx
- Company or individual being spoofed
- Google at https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
It’s best if you can forward the actual email or the link to the phishing site. If the phishing was done through other means such as a text message, include as much information as possible in your report: your name and contact details, method of phishing (pop-up ad, text message, Facebook ad, etc.), date of incident, name of the individual or business being defrauded, actual message and prompts, contact details of the sender, and other relevant information you think is necessary to support your complaint.
Red Key Solutions is a managed IT services provider (MSP) that can ensure the security of your IT systems. Contact us today so we can keep phishers at bay.