Phishing scams are among the most prolific on the Web, and every day, around a billion such scams are sent by email. While the vast majority of them end up being detected by spam filters, it is their sheer numbers that make them extremely effective. Phishing costs businesses around the world billions every year, and it is the number one way in which people end up unwittingly giving their personal or financial information away to cybercriminals. You will also occasionally come across these scams on fake websites masquerading as trustworthy ones, but almost all of them arrive through email. Learning how to spot them is your first and only real line of defence against getting duped by criminals.
Most Common Signs which Point to a Phishing Scam
If you haven’t checked your spam email folder in a while, it is highly likely that you have dozens, if not hundreds, of scam emails lurking in there already. Fortunately, most of them are so obvious that they go either unnoticed or completely ignored. However, for those less familiar with Internet security, they do still pose a significant risk, and some of them inevitably get through email spam filters from time to time. Look out for the following signs before trusting any questionable email:
- Phishing scams are often sent from public email addresses rather than from an organization's own domain. If you receive an email which tries to look official, yet the address ends in gmail.com, yahoo.com or msn.com (or any other public email domain), it is highly likely to be a scam. Few real companies use public email addresses for conducting their business. However, this is certainly not conclusive – after all, many phishing emails use email address spoofing to make it look as though they come from official sources.
- Look out for any unsolicited attachments, especially if they come in the form of compressed ZIP archives or executable files ending in extensions such as EXE or MSI. Such attachments are extremely likely to contain malicious software such as keyloggers or Trojans designed to steal your personal or financial data.
- Generic greetings which are not addressed to your name are immediately suspicious. Generic greetings are less common in scams aimed at businesses, however, since the scammer may already know the name of your business. Again, this sign is not conclusive by itself, so be wary of the other factors as well.
- Grammar and spelling mistakes have no place in an official email sent out by any legitimate company or organization, particularly if the mistakes are quite obvious or they are clearly typos. Phishing emails are often composed by cybercriminals whose first language is not English, and this is frequently reflected in the textual content of the email.
- Be wary of links to unfamiliar sites, particularly if the link anchor text or address is misspelled or worded awkwardly in a way that a legitimate organization simply wouldn’t use. In any phishing email, such a link will take you to a website where you may be asked to enter your personal or financial information while thinking that you are giving it to a legitimate company. Before clicking on a link in an email, move your mouse pointer over it to see where it leads.
- Scammers often include telephone numbers in their phishing emails. Sometimes these are under the guise of customer or technical support numbers and are included to make the email appear more official. This is particularly the case with unusual-looking numbers (i.e. too many or too few digits) and toll-free numbers.
- Phishing scams often try to entice victims by inspiring a sense of urgency. For example, they may threaten you with account closure or try to warn you of a non-existent security issue.
- No legitimate company will ever ask you to send financial information over email. Likewise, no such company will ask you for a user password either. If an email is asking you for such information, then it is undoubtedly a scam.
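Several of the signs above can be checked mechanically. The following is an added example, not part of the original article: it flags a public sender domain, a risky attachment type, a link whose visible address differs from its real destination (the "hover" check), and suspicious wording. The phrase lists, the function and class names, and the example.* domains in the constructed sample message are all assumptions.

```python
import re
from email import message, message_from_string, utils
from html.parser import HTMLParser
from urllib.parse import urlparse

PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "msn.com"}  # webmail domains the article names
RISKY_EXT = (".zip", ".exe", ".msi")                    # attachment types the article names
HOSTLIKE = re.compile(r"^(?:https?://)?(?:www\.)?([\w-]+(?:\.[\w-]+)+)(?:[/:?#]\S*)?$", re.I)
TEXT_SIGNS = {  # assumed phrase lists, tune them for your own mail
    "generic-greeting": re.compile(r"\bdear (customer|user|sir|madam|account holder)\b", re.I),
    "urgency": re.compile(r"\b(urgent|immediately|account will be (closed|suspended))\b", re.I),
    "asks-for-secret": re.compile(r"\b(send|confirm|provide)\b.{0,40}\b(password|card number)\b", re.I),
}

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def phishing_signs(raw):
    msg, signs, body = message_from_string(raw), set(), ""
    if utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower() in PUBLIC_DOMAINS:
        signs.add("public-sender-domain")
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            signs.add("risky-attachment")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    links = Links()
    links.feed(body)
    for href, shown in links.found:  # flag when the address shown is not the real destination
        m = HOSTLIKE.match(shown)
        if m and not ("." + (urlparse(href).hostname or "")).endswith("." + m.group(1).lower()):
            signs.add("link-text-mismatch")
    return sorted(signs | {label for label, rx in TEXT_SIGNS.items() if rx.search(body)})

SAMPLE = message.EmailMessage()  # constructed message, not a real email
SAMPLE["From"] = '"Example Bank" <examplebank.support@gmail.com>'
SAMPLE.set_content('<p>Dear Customer, your account will be closed. Confirm your password at '
                   '<a href="http://login-check.example/v">www.examplebank.example</a></p>', subtype="html")
SAMPLE.add_attachment(b"PK", maintype="application", subtype="zip", filename="statement.zip")
```

Calling phishing_signs(SAMPLE.as_string()) returns the list of signs found. As the article notes for several of these signs, none is conclusive by itself, and a spoofed sender address will pass the domain check.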
When protecting yourself from phishing scams, a little vigilance and common sense go a long way. While most of them are relatively obvious, others are designed to look like they are from a real company, sometimes one which you already have dealings with. If in doubt, check the website of the real company and be sure to review their privacy and security policy before taking any notice of any unsolicited email that appears to be from them.