Nowadays the biggest dangers come from hackers. Most of the malware, viruses, and other such dangers can be blocked by antivirus and antimalware programs, and there are also things like VPNs that can help you avoid infections in the first place.
However, there’s nothing that can protect you from trickery that comes directly from another human. Well, nothing except for your own wits and knowledge of how to recognize the threat.
One of the most direct ways of hacking, which has also grown surprisingly popular lately, is the phishing email. If you don’t know what those are, the concept is pretty simple.
A hacker will create a fake login page that closely resembles the login page of some real service. The hacker will then send it to you via email and try to trick you into going there and logging in.
Of course, your login attempt will fail, but now the hacker will have your credentials.
Falling for this sort of bait is surprisingly easy.
Sure, it seems unusual to get a special email from your bank, or some other service, that asks you to go to your account and even sends a login link. However, it all seems legitimate and official. Add to that the fact that they will say anything to get you to try to reach your profile.
Lately, many hackers have contacted their victims and pretended that there’s something wrong with their taxes, bank accounts and the like. When you receive a notice like that, your first thought is that there’s another problem that needs fixing. Not many people suspect that someone’s trying to trick them, and that’s what the hackers are counting on.
All it takes is a single moment of dropping your guard or not paying attention, and you could become a victim of these criminals.
Luckily, there are several ways for you to recognize phishing emails, despite their official look and a number of fake explanations that they provide.
The fact is that these scams often have a lot in common, so there are patterns that you might want to watch out for. We are able to point them out for you.
10 Tips For Spotting And Avoiding Phishing Emails:
#1 They Ask For Personal Info
Despite the fact that email looks and feels private, it’s probably not. At least not completely. Banks and other services are aware of that, and they would never risk asking for confidential info to be sent to them via email, or sharing it that way. That means that you’d never get a request for confirming your password, credit card number, or anything else like that.
Your real bank or another service might contact you via email, but they would probably invite you to come and deal with an issue, instead of doing business over email. No, if someone asks for your personal info via email, it’s almost definitely a scam, and you shouldn’t fall for it.
#2 Fake Display Names
Most scammers know how to play their victims professionally, and they know that they have to present themselves in a reader-friendly way in order to even get you to open their email.
Don’t fall for that. Instead, check their email address. If you find it to be suspicious, don’t open anything, because it could be a trap.
#3 Watch Out For Fake Domains
Many of the phishing attempts use fake domains in their email addresses. The domain is the part of an email address that comes after the ‘@’ symbol. Scammers can’t really use the real domains for their illegal actions, so they often create fake ones. These might contain things like different letters, and it’s possible for you not to notice things like that at a first, casual glance.
That’s why it’s important for you to inspect the email address of the sender as thoroughly as you can. For example, if someone tried to trick you into thinking that they’re PayPal, they might use an email address with a domain that says ‘@pay-pal.com‘, instead of the real one, which is ‘@paypal.com‘. The change is minimal, and many might not even realize that something’s wrong until it’s too late.
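The checks from tips #2 and #3 can be automated. The following is an added example, not part of the original article: it compares the display name with the sender's domain and flags near-miss domains such as the ‘pay-pal.com‘ case above. The brand allow-list, the warning codes and the sample headers are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Assumption for this example: brand keyword -> domains it really sends from.
KNOWN_BRANDS = {"paypal": {"paypal.com"}}

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return warning codes for one From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ["no-address"]
    labels = domain.split(".")
    # Simplification: treat the second-to-last label as the registered name
    # (a production check would consult the Public Suffix List).
    name = labels[-2] if len(labels) >= 2 else labels[0]
    warnings = []
    for brand, real in KNOWN_BRANDS.items():
        if domain in real or any(domain.endswith("." + d) for d in real):
            continue  # sender domain is on the allow-list for this brand
        if brand in display.lower().replace(" ", ""):
            warnings.append("display-name-mismatch:" + brand)
        if name.replace("-", "") == brand or edit_distance(name, brand) <= 1:
            warnings.append("lookalike-domain:" + brand)
        elif brand in labels[:-2]:
            warnings.append("brand-in-subdomain:" + brand)
    return warnings

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "PayPal Support <service@pay-pal.com>",
    "PayPal <service@paypal.com>",
    "Billing <notice@paypall.example>",
    "info@paypal.com.account-check.example",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

An empty result only means the address passed these two checks; the other tips still apply.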
#4 Search For The Logo
Fake emails will do their best to copy the originals, but at the end of the day, that’s what they are – only copies. Most of the time, they’re obviously imperfect, and all it takes to notice that is one hard look.
When it comes to counterfeit logos, they are mostly copied from the real website of the real service. The version that the scammers might use will probably be in lower resolution, or maybe even altered in some way. It’s a good idea to compare it to one that you know is legitimate.
You can go to the real service’s website and compare it to that one, or even better, compare it to the one from the older emails, ones that you’re sure are real. Other than that, you can check the FAQs and Help sections on the service’s real website. If someone’s impersonating them on a regular basis, chances are that they’re aware of it and that they will warn their users about it.
#5 Don’t Open Suspicious Links
If a link looks weird to you, and not like something that you’d expect from the service that has contacted you, trust your instincts and don’t open it. We’ve already mentioned that some of those links might lead to a fake login page, but some of them might even lead to malicious websites, and merely opening them might start the process of downloading some threat onto your device.
This advice is obvious, and you probably think that you’d never do something like that anyway. Still, when you’re in a rush, and you’ve just received disturbing information, you’ll try to find out all that you can about it. That might include clicking on a provided link, and even if you realize what you’ve done a second after you’ve clicked it, it may already be too late.
#6 Check The Spelling
Bad spelling doesn’t necessarily mean that the email is a part of a phishing scam, but it’s definitely something to watch out for. Official services may not be perfect themselves, but they would never allow themselves bad grammar and irresponsible typing errors.
Simply take your time, read the email carefully and patiently, and make sure that everything seems legitimate before opening anything else. Half the problems wouldn’t exist if we didn’t constantly rush things, so keep that in mind.
#7 Don’t Open Attachments
Attachments are another way that scammers use to get your device infected with malware.
Most of the time, scammers would try to trick you into giving away your data by yourself, but some of the more aggressive ones might load your device with spyware, ransomware, or some other, similar threat.
Opening an attachment would mean the start of a downloading process, and you should avoid it at all costs. If there’s anything at all that might seem out of place, don’t click on it.
#8 Pay Attention To Their Greeting
Keep an eye out for this, since it’s one of the more obvious clues that you’re dealing with a phishing email. Hackers that are sending the phishing emails have probably got their victims’ addresses from the hack of some other service.
They probably didn’t even do the hacking themselves, but instead, they simply bought the data, including your email.
So, they now have a bunch of email addresses and they are going to try and scam people. They won’t type each email individually because that takes too much time. Instead, they would sooner generate a message that they would send to everyone at the same time.
That makes the emails seem impersonal and vague. On the other hand, their salutation might even be a bit too friendly and unprofessional. It’s hard for them to find the middle ground, and so they are often easy to spot.
Still, there are some types of phishing emails that are used for targeting specific groups of people. They might be connected to their interests, jobs, or some other aspects. Those are usually more precise, and therefore more successful as well.
This method is called spear-phishing, and despite it having the most success, it’s pretty rare, and such precise scams are smaller in number. It’s much easier to just send one, big, vague email to tens or hundreds of addresses and wait for at least some results.
#9 Watch Out For The Language
Many of the phishing emails will use words that are expected to put you in a state of fear or anxiety. Their primary purpose is to create a sense or an atmosphere of emergency. This is one of the psychology games that these scammers use because they know that they must play on your feelings.
Someone who’s in such a state will often hurry to see what the problem is and how it can be fixed. They won’t bother with checking the grammar, or whether the email address looks legitimate or not, if there’s a possibility that they have a major tax problem.
That’s what the scammers are counting on, and they’ll try to put their victims in such a state of mind. Once they’re panicking, they might click on anything. Even go to a malicious website, despite their better judgment.
#10 Check The Sender’s Digital Signature
Real services are aware that they’re constantly being impersonated by scammers, which is why they include personal digital signatures as proof that they are the real deal.
Most of the time, it’s some sort of stamp that might come as an attachment. An example of this is the smime.p7 attachment that Mac OS X and iOS email users might be familiar with.
If the attachment that comes with an email seems fishy to you, or if there isn’t any at all, then the sender should definitely be considered suspicious. If you find yourself in such a situation, decide carefully what you’re going to do next.
Examples Of Phishing Attacks
One of the best examples of how phishing attacks work is the incident in which criminals managed to steal and use the identity of the Irish government. They then used it for targeting users of PayPal. They did it by creating a fake address and pretending to be the government agency.
By using this method, they managed to bypass security measures like spam filters and got to the PayPal users’ inboxes. Everything looked real and official, and a message that tried to put users in a state of emergency was displayed when the email was opened.
Victims were told that their accounts were going to be limited and that they must contact PayPal urgently to restore them properly.
Of course, they conveniently provided a link instead of a phone number, and then they simply waited for panicking users to get affected by their scam.
Another similar scam occurred when hackers imitated the Royal Bank of Scotland. They demanded that users verify their account details via email so that their account security would be updated, and their accounts made more secure.
It Doesn’t Hurt To Be Skeptical
The internet is a great place, but it’s naive to think that it’s not dangerous. Paranoia about these things might be a problem, but healthy skepticism is highly advised.
You should always do whatever you can to check the legitimacy of the email, as well as that of its sender. You can even call them on the phone. Just make sure that you use the number from the official website and not the one provided by the suspicious email.
By following the tips that we have provided, you should be safe from becoming a phishing attack victim. Simply keep them in mind, and don’t allow any email to put you in a state of panic or play with your feelings.
Nothing truly urgent would be sent to you via email, at least not where legitimate email is concerned.