What’s the deal?
There is no doubt that the internet is an amazing place that can make life a whole lot more convenient and fun. In addition to all the good online however, there is a bad side too. Part of that bad side is scammers attacking people by using human vulnerabilities and trying to take money from them. There are many online scams out in the wild cyberspace, and one of those scams is ’email phishing’. Being as informed as possible on the subject will mean that you can help prevent yourself becoming a victim of email phishing and identity theft. Let’s delve a little deeper into the topic of phishing scams done via email.
What are phishing emails?
Phishing emails are sent out by scammers in an attempt to steal your money, your identity or usually a mixture of both. When you open a phishing email or click on a link within that email, malicious software will be installed onto your computer. This has been specifically designed by criminals and will sometime give them access to EVERYTHING on your device. It’s pretty scary but very real! In other, less severe, cases you might unknowingly install a software that can send your keystrokes to the attacker (which isn’t great at all either).
Another technique that is used on phishing emails is obtaining your bank/PayPal/email details by pretending to be from the company themselves. These emails often look very genuine so you always need to be on guard. People have lost thousands of dollars because of phishing emails, their entire lives ruined, so DON’T let this happen to you. Let’s take a look at some practical tips that you can put into action to help prevent becoming a victim of email phishing scams.
How to avoid falling victim to an email phishing scam:
1. Don’t click on links in unknown or suspicious emails
If you get an email claiming to be from your bank saying that you need to reset your details or something similar, DO NOT click on the link in that email. No matter how genuine it looks, your bank will not email you if there is a security breach on your account, they are more likely to phone you in case of a security issue. If it’s simply a case of a password change policy every couple of months or so, the request will be presented automatically when you try to login into your account, never via email. In any case, instead of clicking any links that you are not sure about, just manually type the address of the website which you know to be genuine right in the search bar. Navigating to the page in this way is safer. You can even be ultra cautious by calling the company in question and asking if the email was actually from them.
Pro tip: Text links in emails are actually ‘hyperlinks’, that means that they are a clickable line of text with a link hiding behind. In other words, what you see is not necessarily what you get! In any web email client (any email in a web browser), when you hover over a (hyper)link, the actual link’s address (where it navigates to) is presented at the bottom of the browser window. Links can also be attached to images and some phishing emails are an entire image, which means no matter where you will click, you will open the malicious link.
In the example below you can see how once you hover over a hyperlink the actual link is shown at the bottom left (in Google Chrome).
2. Make sure a website is secure
If you are in the position where you have clicked on a link in an email, you should check that this site is secure and you can do this pretty easily by looking at the address bar. A secure website will have a padlock in the corner and the website URL will start with “https”. If the site actually looks suspicious when you check these things, close the page and report the mail as email spam. Fake websites will often be designed really well and look almost genuine to the real site but the URL will always be a dead giveaway. Never download anything from a website unless you 100% know the website is secure and you know what you are doing.
3. Read the email carefully and trust your instincts
When you get any email, you should read it carefully before you interact with it in any way. A genuine email from a company that you do business with, will be addressed to you by name. A phishing email will usually start off as “Dear customer”, for the simple reason that they have no idea who you actually are, the cybercriminals are simply looking for anyone to scam! You should also look at the email address where it actually came from. It might sound like a genuine email but it will often be one letter off (for example, service@payppal.com). Take a look at how the email is worded too, does it sound awkward in any way? Often, English is not the first language of cybercriminals who produce phishing emails. Trust your intuition on this one and if you have ANY suspicion that an email is not genuine, delete it and block the sender.
Here are a few examples:
4. Be informed about the latest email phishing scams
Unfortunately scammers are getting smarter as technology is evolving, which is why it’s really important that you are up to date with the latest scams to help avoid identity theft. Check for the latest scams online, you might be surprised how genuine some of them seem. Ignorance is NOT bliss, being knowledgeable about this subject is really important and it could help stop you losing a lot of money. Take some time every month to read up on the latest scams and it might just save your life.
5. Report the phishing email
It’s important that you report any phishing emails to the company that the email claims to be from. Simply avoiding the email is not going to do any good in the long term, nor is it going to help others who are likely to fall from these type of scams. When you report the email, the company can inform their customers which is definitely going to be helpful and will actually contribute to stopping these scammers. Almost all big companies out there have an email address specifically made so customers can report phishing emails. You should be able to find how to contact the right people about such matters by doing a simple search.
Conclusion
Staying safe online is really important and a lot of this actually comes with experience. It’s better to be suspicious of an email, rather than trusting everything online. If a company IS genuinely trying to get in touch with you, phoning them is a way to be sure you are dealing with the right people. They will understand if you don’t want to give out personal information via email and they should not even be asking you to do this. Knowing what to look out for is really important. By follow the tips mentioned in this article, you can avoid email phishing scams. Protect your money, your identity and your peace of mind by being aware if something is not all what it appears to be.
Stay safe!