
Email Phishing – How to Spot Phony Emails and How to Avoid Getting Them

Email phishing is a scam where you receive an email that looks official—from your bank or a large, well-known company like Microsoft or Apple. When you click links in these emails, the websites you are taken to often look official as well. However, they’re designed to do nothing more than steal your personal information. With your personal information, scammers can clean out your bank account, set up credit accounts in your name or your children’s names, and generally wreak havoc on your life.

In this article, we’ll look more closely at phishing scams, so you can better identify these threats and avoid them altogether.

Unprofessional Emails

Legitimate companies hire professional writers. On the other hand, emails from scammers are quickly written, or might have been translated from other languages. If the email contains spelling, capitalization, punctuation, or grammatical mistakes, be on your guard. Also, if the email doesn’t include the company’s address, phone, and contact person, it’s likely a scam.

You might receive an email with a heart-wrenching story that prompts you to want to help. Unfortunately, most of the time these emails will trick you into handing over user names, passwords, bank account numbers, or other personal information.

Scammers are experts at using context to make unreasonable demands appear legitimate. Those with limited financial experience, like high school or young college students, can be even more susceptible. They may be more easily led to believe a scholarship or job opportunity requires sharing bank account information as part of the procedure. It’s important for you to learn how to avoid these scams and the full extent of their consequences, and to teach your teenagers to beware as well.

Dangerous Links

Links in bogus emails are highly suspect. Don’t ever click any link in any email that you’re not 100% certain you can trust. Hover over the link to see the URL you’ll be directed to if you click it. Let’s say you get an official-looking email from your bank. Instead of http://www.yourrealbank.com (which we made up for this article), a phishing email might use http://www.yourrrealbank.com or some other variation.

Did you notice the extra “r” in the second URL? If not, keep in mind that scammers do their best to make phony URLs look as official as possible. Never click any links, give control of your computer to anyone, or send any money. And, of course, never give any of your financial information to strangers—under any circumstance. 

How to Stay Safe

Here are some tips that can help you avoid phishing scams. 

  1. Don’t bank or shop online (or any other activity where you’ll be entering sensitive information like credit card numbers or your birth date) if you’re using an unsecured public Wi-Fi connection. Even if you trust the site and know it’s legit, scammers could potentially grab your information over the Wi-Fi connection. Tip: if you had to enter a password to join the Wi-Fi, it’s secured and should be ok.
  2. Check your online accounts regularly. Maybe you have a credit card with a zero balance you don’t use. Log in to the account on a connection you trust (like your home internet) to make sure the balance is actually what you believe it to be. If you don’t check periodically, scammers could do a lot of damage. Tip: use your computer or mobile device to set a reminder to check your accounts every month.
  3. Keep your software updated. This especially includes your browser, your email program, your operating system (Mac OS or Windows, for example), and your antivirus software. Security patches for apps on your mobile device and on your computer are released regularly. Tip: in most cases, it’s fairly simple to get your device to update itself—but many programs should be updated manually.
  4. Contact the company if you have questions. Let’s say you receive an email from a company you have an account with—like Twitter or eBay—saying you need to change your password. It bears repeating: don’t click the link. Go log in to the site in question as usual and change your password. Tip: it’s a great idea to change your passwords regularly.
  5. Report it. Forward suspicious emails to reportphishing@apwg.org, phishing-report@us-cert.gov and spam@uce.gov. These organizations work with security technology companies, law enforcement agencies, and other entities to fight phishing. Tip: if you can, also forward suspicious emails to the organization being impersonated. A little online searching can often turn up a company’s fraud address. 

There’s not a single method that’s foolproof for avoiding phishing tactics. Always keep in mind that your bank account information is the key to your money, and your personal information is the key to your identity. And just like the key to your home, protecting the key to your money and identity keeps them safe. If you wouldn’t give your house key to a complete stranger, be sure not to allow your personal information to fall into the wrong hands.