Cybercriminals excel at leveraging the sense of trust that we have with familiar brands to deceive us into giving up our personal information. A common method for doing this is using phishing emails that send you to a fake website or implant malicious software on your computer.
What is Phishing?
Phishing is when a cybercriminal pretends to be a legitimate person or company to extract user information or personal data such as account information, birthdates, social security numbers, and credit card information.
Phishing can come in many different forms, but a common tactic is sending out an email that appears to be from a reputable brand such as PayPal, FedEx, Amazon or Apple. Since many people have accounts with these large brands, they are easily deceived into thinking the email is regarding their actual account.
Through these emails, users are often sent to a fake website where their computer is attacked by malicious software or they are asked to enter the information that the criminals are trying to steal.
How to Spot a Phishing Email
Familiarizing yourself with how to identify a fake email is the first step in preventing this scam from working on you. Let’s look at an example and identify all of the red flags that could be in a phishing email. Look at this email and see if you can spot all the warning signs:
Items visible in the email:
- The “from” name is “Wells Fargo Support”, but if you look closely, the email is actually sent from email@example.com.
- The message was marked by the email system as spam.
- Punctuation, capitalization, and grammar throughout the email are inconsistent or incorrect.
- On the button that says “Confirm Wellsfargo Account”, Wells Fargo is merged into one word.
Other things to look out for:
- In the footer of the email, none of the links are working links. Sometimes these links are even populated with links to the official website to appear legitimate.
- If you hover over the link button, you can see the URL in the lower-left corner of your screen. From that, you can tell that the domain of the website address is not wellsfargo.com.
This email had 6 or more signals that showed that it was not legitimate. Some of the more sophisticated phishing schemes will look more genuine. Many times scammers will use the official company logo and copy the look of the official website to replicate the branding and identity of the business they are impersonating.
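Two of the checks above, the sender address behind the “from” name and the real destination of each link, can be automated. The following is an added example, not part of the original article; the sample message, the login.example.net link and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain here is a placeholder.
RAW = """\
From: "Wells Fargo Support" <email@example.com>
To: customer@example.org
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear customer please confirm you account</p>
<a href="http://login.example.net/verify">Confirm Wellsfargo Account</a>
<a href="https://www.wellsfargo.com/privacy">Privacy</a>
"""

class LinkCollector(HTMLParser):
    """Collects the hostname each <a href> really points to (what hovering shows)."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def in_domain(host, domain):
    # Exact match or true subdomain, so "wellsfargo.com.example.net" does not pass.
    return host == domain or host.endswith("." + domain)

def red_flags(raw, brand, brand_domain):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    flags = []
    # Flag 1: the display name claims the brand, the address does not belong to it.
    if brand.lower() in name.lower() and not in_domain(sender_host, brand_domain):
        flags.append("display name claims %s but sender domain is %s" % (brand, sender_host))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    # Flag 2: any link leaving the brand's domain; a genuine footer link clears nothing.
    for host in collector.hosts:
        if not in_domain(host, brand_domain):
            flags.append("link points to %s, not %s" % (host, brand_domain))
    return flags

if __name__ == "__main__":
    for flag in red_flags(RAW, "Wells Fargo", "wellsfargo.com"):
        print(flag)
```

The genuine wellsfargo.com footer link in the sample produces no flag, but the message is still reported because of the sender address and the button link.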
If you are not sure if an email is a phishing scam or not, you can exit your email and navigate to the official website of that company instead of clicking through the link.
Although phishing is common, educating and training yourself on what to look for will help you avoid being victimized by this crime.