Hackers are getting creative in accessing our private data. They know it’s valuable and they are eager to exploit it. This is seen in the global rise of identity theft and ransomware cases. No one’s data is immune.
Phishing emails are one of the most popular data extraction techniques. Every year, statistics show that this tactic continues to trap people into revealing their personal data at an alarming rate.
What is a phishing email?
A phishing email is designed to trick you into clicking on a malicious link or revealing your personal information. It can do so by exciting you with a deal, frightening you with a threat or a claim that a family member needs something from you, or posing as a website or service you trust.
How to spot a phishing email
Whose name is on the email address?
If the email is from someone you’ve never heard of before, be on your guard. If you don’t trust the name on the email address, then don’t open it. If the email came from a trusted source but has a suspicious headline, send a separate email to that person to check whether their mailbox was compromised.
Ask yourself: Do I need to click the link?
If by any chance curiosity got the better of you and you opened the email, do not click on any links and don’t download any attachments. Certain types of phishing emails might be hiding malware and will most likely infect your device.
Phishing emails are more subtle and more elaborate than they used to be. Some pretend to be from your tax refund service while others seem to come from your friends. Clicking on a link might take you to a lookalike website that will trick you into entering your personal details or downloading a virus.
How to avoid phishing attempts
Don’t rely on spam filters alone
Most email providers block senders of phishing emails by routing their messages straight to the spam folder. However, there will always be craftier criminals who find new ways around these filters.
Are there spelling mistakes in the email?
Brands that send emails to their customers focus on the details and triple check for errors. If there are spelling mistakes in the email, you may want to doubt its authenticity. An email will also be suspect if the sender’s name or address is spelled wrong – especially if it’s a large and well-known brand.
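One way to automate the sender-address check described above, as an added example that is not part of the original article. The brand allow-list, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands named in the article mapped to the domains they really send from.
BRAND_DOMAINS = {
    "paypal": {"paypal.com"}, "apple": {"apple.com"}, "google": {"google.com"},
    "amazon": {"amazon.com"}, "netflix": {"netflix.com"}, "chase": {"chase.com"},
}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    """Last two labels only (simplification: ignores suffixes such as co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def check_sender(raw_message):
    """Return warnings about the From header of a raw RFC 5322 message."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    if "@" not in addr:
        return ["no parsable From address"]
    domain = registrable(addr.rpartition("@")[2])
    warnings = []
    for brand, legit in BRAND_DOMAINS.items():
        if domain in legit:
            continue  # genuinely this brand's domain, nothing to flag for it
        if brand in display.lower():
            warnings.append(f"display name claims {brand} but domain is {domain}")
        if edit_distance(domain.split(".")[0], brand) <= 2:
            warnings.append(f"{domain} closely resembles {brand}")
    return warnings

# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": "From: PayPal <service@paypal.com>\nSubject: Receipt\n\nThanks.",
    "misspelled": "From: PayPal Support <service@paypa1.example>\nSubject: Confirm card\n\n...",
    "name_only": "From: Apple Customer Support <help@billing-check.example>\nSubject: Verify\n\n...",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

The distance threshold of 2 is a trade-off: a lower value misses two-character swaps, while a higher one starts flagging unrelated short domain names.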
Double check the product being advertised
If you receive an email offering you ticket giveaways for an expensive trip, double check whether the offer is valid before you click on any links. It’s understandable that you’re curious about what’s on the other side, but before you carelessly give away your sensitive information, search for this offer on Google first. And remember – if it sounds too good to be true, it’s probably a scam.
Use a low limit credit card
To avoid a hacker draining your entire bank account with a single phishing attack, use a separate credit card online. You can load up a virtual credit card for single payments or recurring ones to protect your main bank account.
A firewall acts as a buffer between you, your computer and online threats, so it can help reduce the chances of phishing attacks getting through to your device.
Pop-up windows often masquerade as legitimate components of a website, but most of them are phishing attempts. A VPN can reduce pop-up ads so you don’t have to worry about accidentally clicking on one. I strongly recommend Malwarebytes VPN.
Phishing email examples
- Banking scams: You might get a text message or email claiming that you’ve set up a new payee, or informing you of some suspicious activity, all of which require you to click a link to confirm. But 9 times out of 10 you won’t even have a bank account with them. The intrigue alone might make you click the link, but if you don’t have an account with said bank – don’t click any links.
- Account deactivation: Commonly referred to as a PayPal phishing email, this scam involves an email from PayPal which tells you that your account will be deactivated unless you confirm your card details. The link takes you to a fake PayPal site where your card details are stolen.
- Social media request: A friend of a friend on Facebook might send you a friend request. You don’t recognise the person but you accept anyway based on the mutual friends you have. This new friend then sends you a Facebook message with a link to a video, which when clicked on could install malware onto your device.
- Fake Google Docs login: In a Google phishing email, a cybercriminal creates a fake Google Docs login page and sends a phishing email hoping to trick someone into logging into it. The phishing email might say “We’ve updated our login credential policy, confirm your account by logging in.” The sender’s email is a fake Google email address like email@example.com.
- The CEO email: A cybercriminal sees that the CEO of a company is abroad and sends a phishing email to an employee asking them to help out the CEO by transferring funds to a foreign partner. The victim doesn’t hesitate and transfers funds directly into a hacker’s account.
- Confirm your card details: A hacker knows you’ve made a recent purchase at Apple for instance, and sends you an email disguised as Apple customer support. The email tells you to confirm your credit card details since they may have been compromised, and just like that you’ve sent your financial information to a cybercriminal in an Apple phishing email. The same social engineering techniques can be seen in similar Amazon phishing emails and Netflix phishing emails.
How to report a phishing email?
You can report phishing emails or recurrent emails from unknown senders in three ways.
- Forward phishing emails to the Anti-Phishing Working Group at firstname.lastname@example.org. Forward phishing text messages to SPAM (7726).
- Report the phishing attack to the FTC at ftc.gov/complaint.
- You can also report banking phishing emails directly to your bank. If you have a Chase bank account, for example, and you’ve received a suspicious-looking email from them, report it to email@example.com.