How To Spot A Phishing Attempt Easily (With Pictures Included)

May 23, 2017
Introduction

Hackers and scammers use many different methods for stealing personal information. One of the most powerful techniques is the “phishing” email. These emails are typically disguised as communications from banks, credit card companies, and other crucial institutions.

Phishing scams attempt to collect personal information, which can include all of your important information (full name, Social Security Number, date of birth), or even merely a couple of details (like a banking account login and password).

Many internet users are given little instruction in detecting phishing attempts. Significantly, they are lured into perceiving emails just like physical mail, that is, as mainly authentic and reliable. It can be difficult to figure out which emails are legitimate and which are not until the person becomes a phishing victim.

Sometimes phishing emails are plainly recognizable as phishing, but the most carefully constructed emails can occasionally slip past the best spam filters of even the most veteran internet users.

Phishing has quickly grown into an enormous problem that keeps becoming more complex. Even governments and Fortune 500 enterprises are affected by phishing.

Here are a couple of tips and questions you should ask yourself to find out whether an email is phishing or not:

Refrain from sharing confidential information that may put you at risk
Ask yourself this: Is the email asking you for personal information in plain text?

Be extremely careful of emails and websites that ask you for sensitive information. An email that asks you to respond with such confidential information is always likely to be illegitimate. For instance, your bank will never resort to directly sending you an email asking you to confirm your bank account number, password, or PIN. Treat such emails with as much skepticism as possible.

Emails that ask you to write or phone them back with your personal information should be treated as suspicious as well. The majority of companies that require this information already have it on record. I can’t think of a legitimate business that asks for personal information over the phone or email.

If you sense that something doesn’t feel right, then you should be very careful.

Security

When you go on a secure website, you’ll see that a padlock exists in the browser’s address bar. The site’s address will start with “HTTPS” instead of “HTTP”. If the site does not use SSL, do not enter any sensitive information as the data is unencrypted and can possibly be intercepted and read by someone with malicious intentions.

It is important to be aware that even secure websites today can turn out to be phishing scams. Scammers can get a free SSL certificate from Let’s Encrypt or purchase one for less than $50 in order to appear legit and gain the trust of the potential victim. An SSL certificate does, in fact, make the website look more credible in the eyes of the targets.

Ask yourself this: If the email has a link, is it going to the correct site?

The visible link in an email can be disguised so that it looks like the right URL. However, after you click on the link, it actually sends you to a different site. For example, instead of RBC, it might send you to RBBC: a subtle difference that can be potentially devastating and one you might not even notice.

To make sure that you are heading to the correct site, don’t click on the web link. What you should do is visit the website of the bank that sent the email yourself by manually typing the website’s address in the address bar, then log in.

You can tell if the URL is different by placing your cursor over the suspicious link in the email and looking at the bottom left corner of your web browser, which displays the URL the link really points to.
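The hover check above, and the RBC versus RBBC near-miss, can also be automated when reviewing an HTML email body. The following Python is an added example, not part of the original article; the `TRUSTED` list, the function names and the sample email are constructed for illustration. It assumes whole hostnames are compared (subdomains are not reduced to their parent domain).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ["rbc.com"]  # assumption: domains you really have accounts with

def host_of(text):  # hostname of a URL or bare domain without "www."; "" for plain words
    text = text.strip()
    if not text or " " in text or "." not in text:
        return ""
    host = (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):  # gathers [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def audit_links(html_body):  # returns [(real_host, reason)] for suspicious links
    collector, findings = LinkCollector(), []
    collector.feed(html_body)
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        # The text claims one site while the href goes to another.
        if shown and shown != target:
            findings.append((target, "text shows " + shown))
        # The destination is a near-miss spelling of a trusted domain.
        findings += [(target, "lookalike of " + t) for t in TRUSTED
                     if 0 < edit_distance(target, t) <= 2]
    return findings

# Constructed sample email body, not taken from a real message.
SAMPLE = ('<a href="http://www.rbbc.com/login">https://www.rbc.com/login</a>'
          '<a href="https://www.rbc.com/help">Help centre</a>')
```

Calling `audit_links(SAMPLE)` flags the first link twice (mismatched text and lookalike spelling) and leaves the genuine help link alone.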

If the email warns you about an account flag or other concern, the same warning will appear on your computer screen when you log in. If you don’t see any warning after manually typing in the site’s URL and logging in securely, then it is certain that the email originated from a fraudster.

Scammers will always try to convince you to visit a malicious site where you can type in your personal information. They will likely attempt to make the website look like your bank or another recognizable site to try and deceive you. Don’t fall for this.

If you want to confirm that there isn’t any trouble pertaining to your financial account, contact customer service yourself. Again, make sure the customer service phone number is legitimate as well. Search for it via Google and the official bank website. Skepticism can go a long way.

Generic Requests
Ask yourself this: Is the email addressing you generically?

Be very careful with generic emails which address you with “Hello customer” or “Hello Sir/Madam”. Most employees from legitimate institutions who communicate with you will use your personal name and greet you appropriately. Emails would be personalized to the specific individual.

Use of Poor English

Numerous phishing attempts contain poor grammar and spelling. In other words, they are often littered with inconsistent capitalization and odd phrasing that only non-native English speakers use. Emails that request confidential information and are written in bad English ought to be treated as suspicious.

Ask yourself this: Is the email written by a professional?

Remember that most important emails are always going to be crafted by professional writers who will avoid making these kinds of grammatical mistakes.

Stranger Danger
Ask yourself this: Do you have an account there?

If you are sent an email from a financial institution that you don’t remember using and where you don’t have an account open, there is zero possibility that the email is real.

The same thing applies when you are notified that you’ve just won a lottery that you never even entered. Therefore, you should treat the email with skepticism. You might be asked to check the details of an order you never placed on Amazon or eBay. Red flag detected.

Over the Phone

Criminals are always inventing new ways to steal your personal information. Some may even call you directly at your home. They will likely claim to be calling from your bank or other important institution and try to convince you to hand out personal information over the phone.

There is a popular scam circulating around where a caller pretends to be calling from Microsoft. He or she will state that there is an issue with your computer and they have called you in order to help address it. They will proceed to try to deceive you into installing malware which can be deployed to log everything you type into your home computer including any usernames and passwords that can be used to harm you both financially and emotionally.

Email Forms

Never enter sensitive information into forms which have been incorporated into emails. People who send out these phishing emails are frequently capable of tracking what you typed.

Ask yourself this: Is entering personal information into an email form really necessary?

Public Hotspots

Criminals can spoof websites and redirect you to a harmful site used to steal private information. Only use private networks like your home WiFi to access online financial accounts.

Ask yourself this: Is a public hotspot really going to shield you against inevitable threats in contrast to a private hotspot which is more likely to have fewer people using it?

Report the phishing attempt to the appropriate authorities

If you suspect that you are the target of a phishing scam, you ought to report it to the company concerned and to other applicable authorities.

If you ever receive a dubious email from someone claiming to be from your bank, immediately contact customer services and report the occurrence, since they will investigate the suspicious email.

Ask yourself this: Will I and other potential future victims benefit from reporting phishing campaigns to the authorities?

I conducted my own investigation into finding out who the phisher is:

Hello, Udo Rauschenberger!

As you can see, Udo Rauschenberger has purchased many domains for phishing purposes.

The bottom line is that amateur phishers make all kinds of mistakes. Therefore, reporting them is key to diminishing their domain portfolios.

Conclusion

Phishing is a technique used by cyber criminals to attempt to steal your personal information. This type of method has become extremely popular recently, and you should always be vigilant when asked for sensitive data.

These simple tips and questions can assist you in avoiding most of the common phishing scams circulating on the internet today.

Some carefully crafted emails may even trick the most tech-savvy professionals.

Take what you’ve read in this article and apply it to protect yourself from phishing attempts by identifying suspicious emails and websites.

Always remember that the more you know about phishing, the safer your private information will be.
