How to Spot a Phishing Scam

Have you ever received a strange email from a friend, or what looks like a credible company? An email saying “Hey you’ve gotta see this!” with a link? Or an email claiming you ordered something you didn’t?

This is a form of email scam known as phishing. It’s extremely common and most of us get dozens of these types of emails every week. Sometimes your email’s spam filter will automatically sort them into a junk folder or delete them, but some may get through, and it’s those that you need to keep a watchful eye for.

What is phishing?

Phishing is the practice of trying to gain sensitive information such as usernames and passwords, banking information, and otherwise private information from users by using deception and scare tactics. Scammers often disguise themselves as a friend, colleague, or even a legitimate business or service reaching out to help you with a problem, such as an online retailer, your bank, etc.

Take this email claiming to be from Walmart for example.

Example of a phishing scam email claiming to be from Walmart.

This email claims to be from Walmart Shipping Customer Service reaching out to help with the delivery of a package. There are a few obvious mistakes in this email that make it stand out as a fake. For instance, there are two L’s in the logo they’ve used. When you read the message, there are also a few spelling mistakes and it’s clear it was not written by a native English speaker.

But if you were to just quickly skim the email you might be deceived into thinking it’s the real thing. Especially if you had actually ordered something from Walmart recently and were concerned your package may not be delivered.

You’ll notice the use of a scare tactic here, claiming that if you do not reply within 48 hours your order will be canceled and they will deduct a service fee. This in itself is a clear indicator of a phishing scam. Reputable companies will never use threats or coercion tactics in their emails.

Clicking that link will send you to a spoofed webpage where the scammers ask you to fill out your information. Usually these pages look very similar to a standard sign-in page. Once you enter your info, the scammers record it to take advantage of later.

Here’s another example. This one claims it’s from “From Ebay” which is the first sign that something is wrong. If this email were truly from eBay it would just say “eBay”.

A phishing email claiming to be from eBay.

At first glance this email looks similar to an email from eBay. The logo is very similar, but not quite the same.

Left: Fake eBay logo from a phishing email, Right: the real logo from the eBay website

It’s claiming to be an order confirmation for a very expensive computer. Clicking on that link will likely take you to a page asking for your sign-in information, which the scammers will record and use as they see fit at a later date. By then you’ll most likely have completely forgotten about the strange email asking you to confirm an order you never placed.

Banks, credit card companies, Google, and even the United States Post Office have been used as a disguise by scammers phishing for your sensitive information. Sometimes their fake emails are so convincing that it’s hard to tell they’re not real unless you know that company has no reason to contact you.

So how do you protect yourself from these advanced scams invading your inbox?

Protect Yourself from Phishing Scams

The best way to protect yourself is by being aware that these types of scams exist in the first place. Once you are aware of phishing scams you’ll be able to spot them much more easily.

  • Ignore emails asking for your sensitive information such as credit card, banking info, or your social security number. Reputable businesses and organizations will never ask you to reply to an email with personal info.
  • Don’t click on links within an email you think may be suspicious. If you’re worried that the email may be real, open your internet browser and type in the web address yourself to make sure you’re being taken to the actual website and not one that’s been spoofed to collect your personal info.
  • If you receive an email that is trying to scare you or threaten you with consequences for not providing them with sensitive information, just ignore it. Scare tactics are often used in phishing scams.
  • Be on the lookout for misspellings in company names, both in the email and in the URLs of any links provided within the email. Scammers often use misspellings of company names in URLs to fool people into thinking they are on a legitimate website. One way to double check a URL is to hover your mouse over it. If you’re on an iOS device such as an iPhone or iPad, tap and hold your finger on any link and it will display the URL.
  • If you think you may have been tricked into giving out your sensitive information to a scammer, contact your bank and credit card company immediately. Also make sure to change your passwords to prevent them from accessing any of your accounts.
  • You can also visit the FTC’s identity theft website: ftc.gov/idtheft. Phishing scams can sometimes lead to identity theft.

Showing caution before clicking a link that seems suspicious can not only keep your personal information from being stolen, but can prevent your computer and data from being infected by malware as well. Oftentimes phishing emails and spoofed websites will contain malicious software such as viruses attached to them, infecting your computer and allowing the scammers to gain even more access to your sensitive information.
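
The link checks from the list above (compare the address a link displays with where it really goes, and watch for misspelled company names in the URL) can also be automated. The following Python is an added example, not part of the original article; the TRUSTED list, the 0.85 similarity threshold and the sample links are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"walmart.com", "ebay.com"}  # assumption: sites the reader really uses

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every link
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site_of(host):  # last two labels; a simplification (no public-suffix list)
    return ".".join(host.lower().split(".")[-2:])

def check_link(href, text):
    """Return the reasons a link looks suspicious (empty list: none found)."""
    host = (urlsplit(href).hostname or "").lower()
    site, reasons = site_of(host), []
    shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # a domain typed in the link text
    if shown and site_of(shown.group()) != site:
        reasons.append("displayed address differs from the real destination")
    names = [] if site in TRUSTED else sorted(t.split(".")[0] for t in TRUSTED)
    for name in names:
        if name in host:
            reasons.append(f"'{name}' appears inside the unrelated domain {site}")
        elif SequenceMatcher(None, site.split(".")[0], name).ratio() >= 0.85:
            reasons.append(f"{site} is a near-miss spelling of {name}")
    return reasons

def scan(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}

# Constructed sample links on reserved .test domains, not taken from a real email.
SAMPLE_EMAIL = """<a href="http://wallmart.test/track">www.walmart.com/track</a>
<a href="https://www.ebay.com/help">eBay Help</a>
<a href="http://ebay.com.account-verify.test/signin">Confirm order</a>"""
print(scan(SAMPLE_EMAIL))
```

An empty list only means these two heuristics found nothing; it does not prove a link is safe.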

If you think you may have been tricked into giving out your sensitive information and are worried your computer may be infected with a virus, give us a call today. Our technicians can scan your computer for malware to make sure you and your data are safe.

Give us a call at 732-914-8324 or click here to schedule an appointment.
