9 Ways To Recognize a Phishing Email or Text

Phishing, don’t you mean fishing? Even though these two words have different definitions, in this case they are similar. We live in a world where more and more online social cultures are forming. In these cultures are hackers, spammers and crackers, but no matter the name, each is an attacker. These misguided and messed up individuals and groups use their smarts to attack the innocent. The methods they use in messages make it hard to recognize a phishing email or text.

Phishing is the fraudulent practice of pretending to be someone you know. It could be a familiar company, an ad you can’t refuse, your doctor, a family member or even yourself. The phisher’s goal is to get you to reveal personal information, such as passwords and credit card numbers. But that isn’t all; they are looking for metadata as well. Metadata is the behind-the-scenes information in your emails and text messages. With this information, you can be compromised in oh so many ways.

The Most Common Phishing

The most common way to recognize a phishing email or text is that you are asked for something. The message may read that your credit card is expiring and needs to be updated. It may even say it is coming from a bank you recognize. Another popular one is that your Amazon Prime account has suspicious activity on it. There are others that say you have payments or refunds coming to you. Many times, these refunds or payments say they are from PayPal or Amazon.

Managing your life from a phone or mobile device is becoming the way of life for everyone, so text message phishing is used more than ever before. You may get messages that read that you have won a prize, click here to claim. Another is pointed at the many unemployed people: you may get a text that reads, click here for this latest job opening. On both email and text, you will find messages about your car warranty. Some are about your mortgage.

There are those messages that are a little more subtle. They will read “Take this Survey” based on your last doctor visit. Then you have the ones, mostly found in emails, where the message sender appears to be a family member or yourself. This is called “spoofing.” What the spammer is doing is tricking the email by manipulating the header information that you can’t see. So the sender can show as your own email address, but if you replied, the reply would go somewhere else.
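The header check described above, as an added example that is not part of the original post: it reads a raw message with Python’s standard `email` module and reports when the Reply-To or Return-Path domain differs from the visible From domain. The sample message and its `example.org` / `example.net` addresses are constructed.

```python
from email import message_from_string
from email.utils import parseaddr


def addr_domain(header_value):
    """Lower-cased domain of the address in a header, or '' if the header is absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def reply_mismatches(raw_message):
    """Return (from_domain, [(header, domain), ...]) for headers that disagree with From."""
    msg = message_from_string(raw_message)
    from_domain = addr_domain(msg["From"])
    mismatches = []
    for name in ("Reply-To", "Return-Path"):
        domain = addr_domain(msg[name])
        if domain and domain != from_domain:
            mismatches.append((name, domain))
    return from_domain, mismatches


# Constructed sample: the visible sender is the recipient's own address,
# but a reply would be delivered to a different domain.
RAW = """\
From: "You" <you@example.org>
Reply-To: collector@mailer.example.net
Return-Path: <bounce@mailer.example.net>
To: you@example.org
Subject: Re: invoice

Please confirm your details.
"""

if __name__ == "__main__":
    shown, found = reply_mismatches(RAW)
    print("Visible sender domain:", shown)
    for header, domain in found:
        print(f"{header} points to a different domain: {domain}")
```

A Return-Path that differs from From is also common in legitimate mail sent through mailing services, so treat it as a reason to look closer; a Reply-To on an unrelated domain is the stronger sign.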

Phishing Email Examples:

1. Sent by the Government

A message that looks like it originated from a government official or department, designed to scare you into providing your personal information. These messages can claim that you illegally downloaded files or that your internet access will be revoked.

2. Sent by a Friend or Someone Claiming to Be a Friend

This one can fall under the spoofing mentioned above. The email could read that it is from a friend or from someone claiming that you are friends. These usually ask for money, your credit card info or your home street address. Sometimes, this can be a phishing tactic. You might get an email from a supposed friend that asks for nothing but leads you into topics where your reply reveals certain things. The series of emails will give this phisher all the info needed in the end to steal your identity. Unfortunately, if the sender identity has been spoofed, it becomes difficult to recognize a phishing email or text at first.

3. Billing and Shipping Issues

This one can be very tricky if you don’t pay attention to it. The email can read that your purchase can’t be completed due to incorrect billing or shipping information. It may say that your address needs to be updated or that your funding needs to be updated.

4. Your Account Is Fixing to Expire or Has Expired

The email will look like it came from a company you may have an account with. It will direct you to log in to your account immediately to prevent it from expiring or being deleted. They provide you a link to click, which usually leads you to a spoofed page that just collects your username and password.

5. Your Account Has Been Compromised Tactic

An email claims that one of your accounts (bank, entertainment, store, etc.) has been hacked or is under threat. They want you to click the link provided to change your password or verify your account. It could also ask you to download a file or open an attached Excel spreadsheet.

6. You Are a Prize Winner or You Have a Claim to an Inheritance

This is almost number one on the list of phishing emails. The message will read that you won or that there is an inheritance waiting for you. All you have to do is click the link. Usually, the inheritance is a money laundering scam. They want you to let them place a large amount of money in your bank. You might think you might be able to trick these scammers out of the money, but you can’t. Banks know these types of fraud and your account will be suspended as soon as the first penny drops in the account.

7. Bank Notifications

This could be an email alerting you that you have insufficient funds or there has been a withdrawal. It will then provide a link for you to enter your bank account number. Always call your bank or visit them. They will more than likely want a copy of the email to send to their fraud department. The more information that can be provided to banks on fraudulent emails, the better protection they can put in place.

8. The Threat Email

An email immediately accuses you of not paying a bill, or claims that someone sent you money and never got what they paid for. It always ends by saying they are going to report you. This type of message is a gamble that you sell on Amazon, eBay or some other sales platform. It is meant to get you to react, so that you click the link or open the attachment in haste.

9. A True Fishing Expedition

You are asked to reply to this email because of many past attempts to get a hold of you. They sent you the email and need a reply to confirm that you are at this email address. The email claims they are doing a checkup and for security reasons need you to reply, or reply with information. This is known as “bait and hook.” They are looking for your IP address or other metadata that is in the header code of your email. NEVER REPLY!!

10. Tax Refund Request

You could get an email letting you know that you are due a tax refund or credit. They provide you a link to click on so that you can submit all your tax information. More than likely, it will take you to a spoof page. It is a ploy to steal your identity.

11. Social Media Account Theft

You may get an email stating that you need to log into your account to keep it active. Or it could be that you need to respond to a message. Never click on the links for these. If you are really concerned, go directly to your social media account through your web browser or through a saved bookmark, but never through an email.

12. The Job Offer

There are a whole lot of emails going out with an offer to work for a big company. They will even provide a real company website link in the email. It usually offers $2000 to $4000 a month, usually for scheduling type work. If you click the link, it will even take you through what seems like a test for the company or a real hiring process. Be aware of this type of email. The best way to spot it is to look at the sender email. Most of the time it is a Yahoo or Gmail address.

13. Updates From Computer or Printer Vendors

People will get emails claiming to be from HP, Dell, Epson or some other main manufacturer. The email will read that you need to update your BIOS, your OS or your printer. They usually attach a file to be opened and executed or provide a link. DELETE this email as this is designed to destroy your computer. I have seen this many times for the BIOS update. It does update the BIOS but with a code that stops it from ever working again. Manufacturers do not send out updates in emails like that. If unsure, go to the manufacturer’s website to see if there are any current updates. Only get the updates from the manufacturer’s site.

14. Your Virus Protection Is or Has Expired

Much like the “Your Account Has Expired” from above, this is designed to get your personal information. If ever in doubt about when your anti-virus is going to expire, go into the program and look under Tools or Help and it will tell you when it is expiring. Most virus protection programs automatically tell you when they are expiring. They do not send you emails like that.

What To Do When You Get A Phishing Message

Anytime you get an email stating a threat, concern, activation, deactivation, offer, confirmation, refund, address request or final notice, or any of the above types of emails, always look at who the email was sent from. Ensure that the sender’s domain in the email address is from the company they claim. If you are concerned that the email may be valid, exit it and go straight to the website through your browser.

Or make a phone call to a verified, known number of the establishment. Never click links inside an email unless you know and trust the sender. When I say go straight through your browser, that means do not copy or click on the link in the email. If the email says it is from your Amazon account, for example, then using your browser, go to your Amazon account like you would if you were searching or logging in.

If you have gotten a suspicious email that you are unsure of, either do not open it at all or, if you do, never reply to it or click on any links in it. The way to recognize a phishing email or text more than any other way is to look at the sender. If it is a text message and you do not know the number that sent it or recognize some part of it, delete it.

For emails, always look at the sender. If you do not know the name, be careful. If it claims to be some company you are familiar with, ensure that company name is the domain part of the email address. An example follows:

Understanding Legitimate Email Addresses

If it is an email from Amazon, let’s say the support department, it should be support@amazon.com. But if it reads support@amazon.support.xmfao.com, delete it. Email addresses are created off a domain name. Huge companies like eBay, Amazon, Suntrust and Comcast will never use anything but their domain name in their email addresses. The same goes for any links in their emails. If they are directing you to their company site, the domain name will be the end of the site address in the link, right before the first single slash. They never use URL shorteners.

See Examples To Recognize Phishing Emails

While writing this post, I received an email that implies it came from PayPal, possibly from a company called Dr. Leonard’s. However, the email address shows clearly it isn’t from either. You can see in this screenshot that the sender’s domain is not related to anyone in this email.


Reveal The URL

You can hover your mouse over the links to reveal the true URL. In this case, the products are really from the Dr. Leonard’s store. But they did that to convince the victim that this is a legitimate email.

URL’s Not Matching Throughout Message

You can see in this shot that the link they want you to click on is the one they plan on attacking you through. It says to Click HERE if you believe that this is an unauthorized purchase. Since you know you didn’t order, your first reaction is to click on it. But let’s take a closer look. Hover your mouse over it and you can see it is yet another domain, not the same as any of the others in this email.

Being Sent To A Spoof Page

Using a safe environment, I copied this URL to see where it would take me. It took me to a spoof page that looked like I was logging into PayPal. This is designed to capture my username and password so they can steal my PayPal account.

Ensure It Is Legit

You always want to look at the domain name in the from address of any email to ensure it is a legitimate email. Whenever there are lots of letters and numbers, dashes or dots, this would indicate a fraudulent email.

URL Shorteners

There are some legitimate URL shorteners; I use them on my websites. However, mine usually have my domain name in them so they can be trusted. You will find companies like Bitly, TinyURL, Ow.ly, and even Google has their own, just for starters. It isn’t that shorteners are bad; they just allow spammers and phishers to hide dangerous URLs behind them. So a shortened URL is another good way to recognize a phishing email or text.

Amazon offers a URL shortener for their affiliates, but it actually has amzn.com in the URL. Even though this isn’t the full word Amazon, it is one you can come to know and trust. A true legitimate company will want their domain name in their links and in their email address. They want it in there as a brand and to gain your trust. When you get a page full of shortened URLs, I recommend deleting the email.

9 Ways To Recognize A Phishing Email Or Text

They Don’t Ask For Sensitive Info

Legitimate companies do not send messages asking for usernames or passwords. They do not request any sensitive information through email. Most companies have portals on their websites for private information. Always ensure domain names match the company.

They Address You As You

Legitimate companies address you by your name, if not your full name. Messages that refer to you as Sir or Madam, Valued Member or anything along those lines are most likely spam.

Make Sure The Company Email Matches The Company Domain Name

Always ensure that the sender, if a company, has the domain name in the email address. As mentioned above, this means that the very end of the email address is the domain name. There are phishers that are pretty slick. They will add the domain name in the email address, but it isn’t at the end of it. Just read it carefully.

Spelling And Grammar

Look for spelling errors in the emails. Phishing emails are not proofed by a writing or PLR team like major companies’ emails are. Clues are misused words like there, their or they’re. Look for spelling and grammar mistakes; anyone can misspell, even the big guys, but not very often.

The Whole Message Is Hyperlinked

Ensure that the entire email isn’t hyperlinked. You can do this by hovering your mouse anywhere in the email. If the mouse cursor turns into the hand, that means there is something to click on. If it stays this way over the entire email, it can be recognized as a phishing email.

Beware Of Attachments

Most legitimate companies don’t send you attachments in your emails. Now you may have requested a document, but then you should be expecting it. Sometimes a company will send a document for your review, but rarely. They usually will send you a link with their domain name in it. The link will take you to a portal on their site or a download page. Always beware of file types as follows: .exe, .scr, and .zip.

Ensure That Everything Matches

Always make sure links, URLs, domains and email addresses match. When you get an email or text message that has a variety of links that do not match the sender or the company, this is a good indicator that it is a phishing message.
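The matching rule from “Understanding Legitimate Email Addresses”, “URL Shorteners”, “Beware Of Attachments” and this section, written out as an added example that is not part of the original post. The brand domain is passed in by the caller, the shortener host names are the usual hosts of the services named above, and the sample links and attachment name are constructed.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "ow.ly"}  # illustrative, not a complete list
RISKY_EXTENSIONS = (".exe", ".scr", ".zip")      # file types the article lists

def belongs_to(host, brand):
    """True only when host IS the brand domain or ends with '.' + brand."""
    host, brand = host.lower().rstrip("."), brand.lower()
    return host == brand or host.endswith("." + brand)

class LinkHosts(HTMLParser):
    """Collects the host name behind every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        try:
            host = urlsplit(href or "").hostname
        except ValueError:  # malformed URL
            host = None
        if host:
            self.hosts.append(host)

def check_message(from_header, html_body, brand, attachments=()):
    """Return a list of findings; an empty list means everything matched."""
    findings = []
    sender = parseaddr(from_header)[1].rpartition("@")[2]
    if not belongs_to(sender, brand):
        findings.append(f"sender domain {sender} does not end in {brand}")
    parser = LinkHosts()
    parser.feed(html_body)
    for host in parser.hosts:
        if host.lower() in SHORTENERS:
            findings.append(f"shortened link hides its target: {host}")
        elif not belongs_to(host, brand):
            findings.append(f"link host {host} does not end in {brand}")
    for name in attachments:
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment type: {name}")
    return findings

# Constructed sample: the sender address is the article's example, the links are made up.
SAMPLE_FROM = "Amazon Support <support@amazon.support.xmfao.com>"
SAMPLE_HTML = ('<a href="https://www.amazon.com/orders">Your order</a>'
               '<a href="http://amazon.com.account-check.example/login">Click HERE</a>'
               '<a href="https://bit.ly/EXAMPLE">Claim refund</a>')

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_HTML, "amazon.com", ["invoice.pdf.exe"]):
        print("FLAG:", finding)
```

The comparison is on the end of the host name, so a brand name placed at the front or in the middle of an address, as in the two flagged hosts, does not pass.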

Look For Obvious Fake Email Addresses

There are many providers of temporary email addresses: EmailOnDeck; 10minutemail.com; Mailinator; Tempmail; E4ward; Guerrilla Mail; MohMal; ThrowAwayMail; GetNada; YopMail. These are designed for senders that do not want to be known. Anyone that is legit, personal or a company, will send you a message with a known or company email address.

Watch Out For Job Offers

These days, many of us are unemployed, so when you see a job offer, you are quick to jump on it. There are phishers that send messages in both emails and text messages that offer work from home jobs. But when you look at the sender address, it is a Yahoo or Gmail address. Sometimes it is a Russian address; you can identify them as they end with .ru. These are phishing emails to learn everything about you. The goal is to steal your identity and to access your bank account.

Conclusion On How To Recognize A Phishing Email Or Text

The best practice for recognizing phishing emails or texts is to only open or interact with messages from known senders. However, in reality, it is just too hard to only interact with known senders. There are always going to be emails or texts we need to view. Even when you think you are reacting to a message sent by someone you know, take a close look first. Spammers, scammers and phishers are clever. They have ways of knowing who you send emails to. Unfortunately, the people we message with use their emails in other places. Often these phishers can discover who they have emailed. These phishers have also been known to scrape email addresses from companies you may have emailed or texted.

This scraping technique will give them a huge list of email addresses, but they are not always valid. That is why they start sending you messages to get you to respond. They want to know if your number or email is valid. Once you react to the message, you have just alerted them that you are real. Even opening an email can flag to them that you are active. So it is always best to not open messages if you are sure you don’t know the sender.

Read Carefully Who It Is From

Just keep in mind that the best way to recognize a phishing email or text is when it is from someone unknown. From that point, proceed with caution. Analyze who it is from; if you’re not sure, check out the domain name on the address. Just Google the domain name and see who or what it is. If it is a legit company, then inspect the contents to make sure it all matches and makes sense. If it doesn’t, delete it.

 
