Greg Wilson, Head of Information Security, 1st Global Research & Consulting
A common, growing problem in the technology world is phishing, a tactic cybercriminals use to try to obtain financial or other confidential information from unsuspecting individuals. This is typically done through email messages or phone calls, with the ultimate goal of stealing money from the victim. A variety of signs can indicate that a message you’ve received is a phishing attempt.
Be on the lookout for the following warning signs that could help you identify phishing tactics.
- Information sent to multiple receivers: If you receive an email with a sensitive document, such as a bank statement, that is sent to more than one individual, this could be a warning sign that the email you’ve opened is a phishing scam.
- Improper use of the English language: Most phishing emails are automated or originate outside of the U.S., which results in poor grammar, spelling errors and improper sentence structure. They normally don’t sound like anything that a person would sensibly say.
- Domain/sender inconsistency: Phishing emails often appear with mismatching information, such as a display name that differs from the address the email is actually coming from. For example, you might receive an email that claims to be from “Wells Fargo,” but when you hover over the email link, the address the email is actually coming from is not a Wells Fargo email account at all.
- Email signatures: Many phishing emails contain signatures that have simply been copied and pasted from websites, or the titles listed aren’t the correct titles for the “senders” of the emails. If you notice that the name or title doesn’t make sense, or if there is a nickname in quotes or parentheses, this could be another indication that it’s not a trustworthy email.
- Information verification: Banks will never send emails to request your personal information or to ask you to verify sensitive information. If you receive an email from a “bank” with such requests, you should contact your bank by calling the number on the back of your bank card or the number provided in your statement. You should not take any action based on the email, such as responding to the sender with your information or attempting to log in to your account by using the link provided in the email.
- Unbelievable offers: Phishing emails frequently contain offers that are very promising but hard to believe. More often than not, if something seems too good to be true, it probably is. If you didn’t initiate, apply or ask for something and suddenly become a “winner” of an incredible offer, it’s highly unlikely that the information you’re receiving is valid.
- Requests for money: Phishing emails sometimes make pleas for individuals to wire money, often to other countries. They try to use heartfelt stories to gain sympathy, hoping to sway victims to send money to the requestors.
- Threats: Cybercriminals will often use forceful messages that claim individuals are late on bill payments and will be arrested if they do not pay immediately. A professional debt collector will never use email — especially a physically threatening one — to obtain payment from anyone.
- Links: Many phishing emails contain links that could lead to the spreading of malicious software on individuals’ computers. If you have any doubts at all about a link in an email, do not click on the link. You can hover your mouse (without actually clicking) over the link to see if the address matches the link typed in the message or if it leads to a questionable site. Delete these types of emails, and delete them from your deleted emails. Do not forward these emails to anyone.
Phishing scams can come in a variety of forms, and it’s important for individuals to be cognizant of the information they are giving out and to whom. Always verify the sources contacting you, and treat all unsolicited phone calls and emails with skepticism. It’s better to be safe than to become phishing bait.