There are 156 million fake emails sent to solicit personal information every single day. They often look every bit as legitimate as regular emails. With so much fraud out there, what’s the best way of separating emails you need to read from the ones that could harm you?
If you, a friend, or a family member receives ‘phishing’ emails that try to scam you out of important data and login information, this guide will help you determine what’s legit and what’s not.
What is Phishing?
Email scams that try to get information from you (rather than selling you things) are called “phishing scams.” These typically involve links to fraudulent websites that collect consumer emails, usernames, and passwords. That these links appear to be from legitimate sources is all part of the act.
What’s worse, sometimes these emails contain computer viruses that install themselves onto a computer browser or a hard drive. This code can continue to collect and send usage data down the road or impact a computer’s overall functionality.
How These Email Scams Work
You can have the strongest firewalls and antivirus software but, as the saying goes, a chain is only as strong as its weakest link. And in the case of phishing scams, that weak link is usually a human being.
Phishing scammers rely on gaining the trust of their victims by using messages that appear to originate from a credible source.
Some of their tactics include:
- Spoofing official-looking email addresses or impersonating known trusted entities (banks, government agencies, etc.)
- Threatening penalties from a bank or government agency
- Exploiting sympathy by soliciting donations for a fake cause or charity
- Promoting a sweepstakes or contest with little perceived risk (“I figured, it may be a hoax but what’s the harm in just submitting my email?”)
Typically, a phishing scammer will ask for personal or account details, or ask you to click on a link included in an email that might download malware into your system. Once these actions have been taken by the victim, the “hook” has been set and the real problems have begun.
How to Spot a Phishing Scheme
It’s always worth paying attention to how and when you give away your data. Legitimate companies will never ask for your account number, username, or password over the phone or email. They do not need this information to provide customer or technical assistance.
Scammers, on the other hand, often use a trusted company’s logo or even its actual website address in their emails to make them appear trustworthy. These emails often contain an embedded link that claims it will direct you to your bank or another site.
A few tips on how to spot an email scam:
- The domain of the website isn’t the same as the one you usually see a company use.
- The email is generic, addressed to ‘customer’ rather than using your name.
- There are typos or misspellings suggesting that the writer is not a native English speaker.
- The email solicits financial or other personal information.
If you think the email might be legitimate but have any doubts, visit that company’s website directly. You can also contact the business or bank to verify that the email is valid. Most companies will have an “abuse” or “security” link in the footer of their website.
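The domain, greeting and information-request tips above can also be checked mechanically. The following Python sketch is an added example, not part of the original article; the `bank.example` domain, the sample message and the function names are constructed for illustration, and it assumes a single-part HTML email and a lower-case `expected_domain`.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class HrefCollector(HTMLParser):
    """Collect the real destination (href) of every <a> element."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_email, expected_domain):
    """Return the warning signs found in a single-part HTML email."""
    msg = message_from_string(raw_email)
    body, signs = msg.get_payload(), []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_domain(sender_host, expected_domain):
        signs.append("sender domain is not the company's")
    collector = HrefCollector()
    collector.feed(body)
    # Judge web links by where they lead, never by the text shown to the reader.
    urls = [urlparse(h) for h in collector.hrefs]
    hosts = [u.hostname for u in urls if u.scheme in ("http", "https")]
    if any(not in_domain(h, expected_domain) for h in hosts):
        signs.append("link leads to another domain")
    if re.search(r"\bdear\s+(valued\s+)?(customer|user|member)\b", body, re.I):
        signs.append("generic greeting")
    if re.search(r"\b(password|username|account number)\b", body, re.I):
        signs.append("asks for credentials")
    return signs

# Constructed sample: the link text shows the real site, the href does not.
SAMPLE = (
    "From: Bank Support <alerts@bank.example.verify-login.test>\n"
    "Subject: Action required\n"
    "Content-Type: text/html\n\n"
    "<p>Dear Customer,</p><p>Confirm your password at "
    '<a href="http://bank.example.verify-login.test/">https://bank.example/login</a></p>'
)

if __name__ == "__main__":
    print(phishing_signs(SAMPLE, "bank.example"))
```

A From address can be spoofed to show the real domain, so a clean result from the sender check alone does not make an email trustworthy.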
How to Take Action
Don’t let phishing scammers prey on you and your family.
October 18-24 is Internet Privacy Week – an entire week dedicated to raising awareness about threats to consumer data and privacy, including phishing. Join us, along with TechDirt, in supporting an Internet Privacy Bill of Rights.
For more information on phishing threats in the consumer and business world, as well as tips from experts on how to avoid phishing scams, check out this great article in Digital Guardian.
Check out the Anti-Phishing Working Group as well for ways to help fight phishing and other fraud scams online. And the US Federal Trade Commission has a special website to help people deal with phishing scams.
Basil Harris is a content writer at Namecheap.com. His default email font is Verdana 11.