There are so many scams out there that are designed to steal your information. One of these scams is known as phishing. According to Wikipedia, “Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”
Simply put, hackers draft and send emails and publish websites that look almost exactly like the real deal in hopes of stealing your private information. Here is how they do it:
Hackers first craft emails that use real logos, names, addresses, and information from your favorite shipping company, bank, auction house, or whatever other popular site you might use to take care of your virtual errands. These emails look legit but always have blatant red flags. They also always include a call to action meant to trick you into clicking.
Do you see the red flag in the screenshot above?
The email is from someone called Gillian; however, the email address shows Erickalt@mail4y.com. Why would FedEx send an email from @mail4y.com instead of from @fedex.com? Another red flag, which you can't see right away, shows up when you hover over the "click here" and "view messages" buttons: the links have nothing to do with FedEx, and fedex.com is nowhere to be found, even when hovering over the unsubscribe link.
Common Calls to Action found in phishing emails
- Click Here
- View this Message
- Reset Your Password
- Respond Immediately
- Track Your Package
- Download this File
Keep in mind, if you delete the email, never respond, never click the link, or never download the file, their plan has failed. They never gain a thing by you just opening and reading the email.
Hackers use nearly identical websites that also contain logos, logon forms, password reset fields, and other basic information to get you to believe you are at the correct site. They hope you type your real username, password, social security number, mother's maiden name, etc. into their fake site. When you submit the form, they capture the data and then turn around and use it to sign into the real site later or sell your information on to the next thief. From there, there is no telling what they can get at.
These scams are not viruses or spyware, so the best way to protect yourself against phishing attempts is to learn how to identify phishing emails. Here are some common tips.
How to identify fake emails used to steal info
- Fake URLs – Keep an eye out for fake URLs. You can see where a link goes before you click it by hovering your mouse over the link. Does the link go to a known website / URL? Never click a link until you are sure you know where it goes. For example, if your email came from “FedEx” but the link within the email goes to www.fedrex.com, you should not click it. Hackers are sly and hoping you don’t spot the mistake in their ‘from’ email address or domain name.
- Threatening or Pushy – Does the email sound threatening or pushy to get your personal information? No respectable company will ask you for passwords, birth date, PINs, or other sensitive information over an email. They will not threaten lawsuits, cancellation of services, or increased fees if you do not respond. So unless you are expecting an email from them and you are aware of some kind of late payment, don’t be alarmed.
- Grammar – How is the spelling and grammar in the email? Sometimes just reading the email thoroughly will reveal grammatical red flags. Does the email sound like it is coming from a foreign country? If so, it probably is. Mass emails from real US companies that you likely do business with are carefully drafted and proofread multiple times before being sent. You might find one mistake, but the entire email will not be riddled with them.
- Sender’s Email Address – Look closely at the sender’s address. Does it match the right company? For example, if the email is from FedEx, did the person that sent you the email display @fedex.com or @mail4y.com? Never trust “business communication” sent from a public email domain such as Hotmail, Gmail, Yahoo, etc.
- Your Name – Check your name. Did the business address you by your correctly spelled name, or is it something generic like “Valued Customer”? Real companies have your real name and will likely use it; hackers only have your email address and hopefully nothing else until you give it to them.
Ask yourself these simple questions when dealing with phishing emails.
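The checks in the list above can also be run mechanically over a saved message. The following Python sketch is an added example, not part of the original article: the sample email is constructed from the article's FedEx case, and `red_flags`, `under` and the `expected_domain` argument (the domain you believe the real company uses) are names chosen for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the FedEx example in the article.
SAMPLE = """\
From: Gillian <Erickalt@mail4y.com>
Subject: Track Your Package
Content-Type: text/html

<p>Dear Valued Customer,</p>
<p>Respond immediately: <a href="http://www.fedrex.com/track">Click Here</a></p>
<p><a href="https://www.fedex.com/help">Help</a></p>
"""

CALLS_TO_ACTION = ("click here", "view this message", "reset your password",
                   "respond immediately", "track your package", "download this file")

class LinkCollector(HTMLParser):
    """Collects the real href targets, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domain):
    # True only for the domain itself or a real subdomain, so look-alikes
    # such as fedrex.com or fedex.com.example.net do not pass.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw, expected_domain):
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if not under(sender_domain, expected_domain):
        flags.append(f"sender domain {sender_domain} is not {expected_domain}")
    links = LinkCollector()
    links.feed(body)
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if not under(host, expected_domain):
            flags.append(f"link goes to {host}")
    if "valued customer" in body.lower():
        flags.append("generic greeting")
    text = (msg["Subject"] + " " + body).lower()
    flags += [f"call to action: {c}" for c in CALLS_TO_ACTION if c in text]
    return flags
```

Calling `red_flags(SAMPLE, "fedex.com")` reports the mismatched sender domain, the look-alike link, the generic greeting and three call-to-action phrases, while the genuine www.fedex.com link is not flagged.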
- Do you recognize the sender? Am I affiliated with the person or company that is sending me the email?
- Are you expecting the email? Did I ever ship a package with FedEx? If not, why would they be reaching out?
- Are they threatening me? Is there a call to action that sounds urgent, severe, or threatening? Should I be expecting this?
- Do the links match the sender?
Always err on the side of deleting the email if you cannot decide whether it is a trick. Many times you can simply copy and paste a portion of the body into Google and you’ll get results indicating it’s a scam. You can also forward the email to firstname.lastname@example.org and we’ll show you the red flags and let you know if the email is phishing or not.
Stay safe and avoid a nightmare by not responding, not clicking links, and not providing these hackers with your personal information.