Whether you realize it or not, you have likely been targeted or know someone that has been targeted by a phishing scam. They are the most common cyber incursion today with scam attempts steadily increasing over the past several years. Good news is you can avoid falling into phishing traps with a few simple best practices.
What is it?
Phishing is one of the simplest forms of a cyber scam —most often coming in the form of an email or text message. The goal is to gain your personal identification information. This means passwords, account numbers, credit card numbers, social security numbers or anything that can be used to take your identity. Although email and text messages are the most common form, phishing has spread to social media and messaging apps.
How does it work?
These messages usually try to masquerade as a company you know and trust. To better pass for the company and further gain your trust, they will add little details like the company’s logo to the message. Logos for major organizations are often available online for anyone to download and use. Scammers will even go as far as creating a landing page (if not an entire website) that looks like it would belong to that company.
The content of the message will vary, but most often with an end goal of leading you to a fake website or to unwittingly download and install malware. Be aware there are long game schemes as well. Hackers using fake social media profiles have been known to build rapport with a victim over several months or even years. Once that trust is established, a ploy is used to get personal information handed over to them.
What can I do?
Knowing what phishing attacks are gives you an advantage and promotes remaining guarded —especially with emails from unrecognized sources. The vast majority of these attacks have red flags to look out for. Some key indicators include:
Poor spelling and grammar. Basic errors are common in messages. Official correspondence from major organizations are likely to be professionally written.
Suspicious website URLs. Fake websites are created to lead victims to. These websites (like the messages) will have details that seem off. Don’t brush it off. Take time to give the link a second examination and look for text that doesn’t seem to fit.
A strange sender address. This is something that usually can’t be faked. Even when everything in the email looks accurate, including a proper logo, professionally written message and correct company information below, the sender address could be the giveaway.
Offers too good to be true. “Your subscription is ending soon. Click below for a lifetime subscription for only 99¢ now available for a limited time.” If you find this in your inbox, chances are it really is too good to be true.
Below is an example of a previous email sent to our customers by a scammer. Look closely and see if you can find some indications this is a fake.
At a glance, this could pass for an official correspondence from Reliance Connects. It’s not until you look closely at the details that you realize there is something phishy about this email and doesn’t sit quite right with you. Well, you would be correct. We have highlighted some of the key indicators found in this message below.
One of the best things you can do is listen to your instincts. Even if you can’t peg exactly what is wrong or bothering you with the message. Call the company’s official number that you have used in the past and double-check the validity of the message. You could be doing yourself a huge favor.