Is it a Phishing Attack? Here are some Signs to Look for.
A phishing attack is a common action by hackers who are looking to trick their potential victims. They do this by creating, and then sending, a fake email that seems to be from a legitimate source. The email might ask for things like your username and password for a company database, or it might have a link or attachment that will download malware to your computer or network. More targeted phishing attacks look like internal company communications or messages between clients and employees. Here are some signs that you might be dealing with a phishing attack:
The Email Asks for Personal Info
One sign that an email is a phishing attempt is if it asks for personal information. Most of these emails look extremely legitimate, and they look like they might be coming from a source like your bank or the owner of your company. However, a phishing email does not actually come from that source. Your bank, for instance, wouldn’t ask for your account information. They already have that information on record…so, if things seem a little out of place, they probably are.
The Email Asks for Money
Emails between employees, or from a client, requesting wire transfers are often fraudulent and should be followed up with phone calls or in-person meetings. What often makes the employee/client phish effective is that either the employee’s or the client’s email account has been compromised, which means the criminal has the username and password for the email account and is actually sending and receiving emails as the victim.
There is a Sense of Urgency or Panic
Emails from employees, coworkers or clients requesting urgent transfers are probably scams. The moment “urgency” comes into the picture, expect it’s fraud. Some hackers create scam emails that are designed to cause panic or to imply that you have to move quickly. For instance, the email might claim that your bank account is compromised, and to stop it, you must go to a specific site, enter your login details, and then change your password. But, when you go to that site and enter your login details, the scammer now has your banking information.
The Email Address or Website Looks a Bit Strange
Another sign of a phishing email is an email address or website that looks a bit strange. In general, the bad guys try to put the name of the company they are trying to copy in the address, but it probably won’t be exact. For instance, if you have Chase Bank as your bank, and you get an email from @chasebank.com instead of @chase.com, you should delete it.
Do You Have Business with This Company?
You should also consider your relationship with the company that the email appears to come from. For instance, any email from your health insurance company, your bank, etc. should come from the organization’s system, not from a weird-looking address. Also, if you don’t have an account, or business relationship, with the company that is asking for information, it is almost always a scam.
Your Email Address is in the “From:” Spot
Take a look at the email. Who is it from? Is it from you? Technically, it isn’t, but scammers try this all of the time. Delete these emails.
There are a lot of Email Addresses in the “To:” Spot
Also, look at the address where the email is going. Is it only to you? Is it going to a number of email addresses that you are not familiar with? In most cases, if a company has business with you, it will send the email only to you.
Look for Links
One of the most common ways people become victims of these scams is by clicking on links in the emails they get. Some of these links download malware to your system, and other links take you to a page that will attempt to steal your identity. Before clicking on any link, hover over it and see where it goes. If the address looks strange, do not click on it.
There are a Lot of Grammar/Spelling Errors
Many of these scam emails come from overseas or from people who just can’t write. So, if you see a lot of grammar or spelling errors in an email, take note: it’s likely a scam.
Finally, is there a weird attachment, such as a PDF, a Word doc, or even a .zip file, in an email that you aren’t expecting? If so, then you should never, ever, open it. It is very likely there is a virus or malware contained within it. If you think the attachment might be legitimate, you should scan it with your antivirus software just to make sure.
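Several of the signs above (a lookalike sender domain, your own address in “From:”, a long “To:” list, and a link that goes somewhere other than what it shows) can be checked mechanically. The following is an added example, not part of the original article; the names TRUSTED, MAX_TO and phishing_signs, the recipient threshold, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

TRUSTED = {"chase.com"}  # assumption: domains you really do business with
MAX_TO = 5               # assumption: more "To:" addresses than this is suspicious

def is_lookalike(domain):
    """True if a trusted brand name appears in a domain that is not the real one."""
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return False
    return any(t.split(".")[0] in domain for t in TRUSTED)

def phishing_signs(raw, my_address):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = [addr for _, addr in getaddresses(msg.get_all("To", []))]
    signs = []
    if sender == my_address.lower():
        signs.append("from-is-me")
    if is_lookalike(sender.rsplit("@", 1)[-1]):
        signs.append("lookalike-sender")
    if len(recipients) > MAX_TO:
        signs.append("many-recipients")
    # The "hover" check: compare where each link really goes with what it displays.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.S):
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)
        shown = shown.group().lower().removeprefix("www.") if shown else None
        if is_lookalike(host) or (shown and not host.endswith(shown)):
            signs.append("link-mismatch:" + host)
    return signs

# Constructed sample message, not a real email.
SAMPLE = """From: Chase Alerts <security@chasebank.com>
To: me@example.org
Subject: Urgent: account compromised
Content-Type: text/html

<p>Log in now: <a href="http://chase.login.example.net/reset">www.chase.com</a></p>
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE, "me@example.org"))
```

A message that trips none of these checks is not proven safe; a compromised real account, as described under “The Email Asks for Money”, passes all of them.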
About the Author:
Robert Siciliano, personal security and identity theft expert and speaker on security awareness training, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.