Phishing: Don't Take the Bait
As the weather cools and holiday season approaches, my mind turns to the same place as everyone else's this time of year: phishing scams. Okay, maybe not everyone is thinking about this, but they should be, or at least be wary of the emails that end up in their inbox. While this type of scam definitely doesn't only occur during this time of year, scammers may try and step things up as people order various goods online. So what is a phishing scam? It is a type of scam where the scammer sends an email posing as a well-known, trusted company in order to get private information such as passwords, social security numbers, bank information, etc. from the unsuspecting public. Now the thing to remember about this type of scam is that they cannot get any information from you that you do not give them yourself. So how do you recognize if an email is legitimate or not? Below are a few things to look for in your emails before entering your credentials.
1. Spelling and grammar mistakes
Any large, well-established company sending out mass emails will typically not have any spelling or grammatical errors in the emails they send to you. They specifically hire people to try and make their messages to you as complete and as professional as possible. Therefore, when you do catch these sorts of mistakes, it may be a red flag about the sender of the email. It is definitely possible that the company made a mistake--don't dismiss the email completely from a typo--but if an email is riddled with mistakes you definitely have cause to be cautious.
2. Don't trust the blue hyperlinks
As the picture below shows, just because something is blue and underlined does not mean it is taking you to that location. You can write any text and have it link to any page you want. There are a couple of things you can do to watch out for this. First of all, you can move your mouse over the link without clicking it. A tool-tip should appear with the URL to where that link will lead. If they are different, you have cause to be suspicious (see picture below). If you do end up clicking on the link, make sure the URL on the page it takes you is the one you were expecting. Scammers often go to great lengths to ensure the fake page they created matches exactly the page that you are expecting. They don't have total control over the URL, however, so make sure if you are expecting to end up on Facebook that the URL reads https://www.facebook.com and so on.
3. Find out the truth for yourself
Often the scammers will tell you things such as your password has expired, there's been trouble with your account, etc. They will often also give some sort of ultimatum or warning that if you don't do anything, you or your account could be in trouble. So one thing you can do is to check out if what they're saying is true. If they say your password has expired, go to the website it expired for without clicking the link and log in to the page you know is secure. If it works, then someone was very likely trying to scam you. You can also email or call the business from information provided on their websites to double-check that the email is legitimate to see if your account really does have a problem. Make sure to do a little digging before entering any sensitive information!
1. Spelling and grammar mistakes
Any large, well-established company sending out mass emails will typically not have any spelling or grammatical errors in the emails they send to you. They specifically hire people to try and make their messages to you as complete and as professional as possible. Therefore, when you do catch these sorts of mistakes, it may be a red flag about the sender of the email. It is definitely possible that the company made a mistake--don't dismiss the email completely from a typo--but if an email is riddled with mistakes you definitely have cause to be cautious.
2. Don't trust the blue hyperlinks
As the picture below shows, just because something is blue and underlined does not mean it is taking you to that location. You can write any text and have it link to any page you want. There are a couple of things you can do to watch out for this. First of all, you can move your mouse over the link without clicking it. A tool-tip should appear with the URL to where that link will lead. If they are different, you have cause to be suspicious (see picture below). If you do end up clicking on the link, make sure the URL on the page it takes you is the one you were expecting. Scammers often go to great lengths to ensure the fake page they created matches exactly the page that you are expecting. They don't have total control over the URL, however, so make sure if you are expecting to end up on Facebook that the URL reads https://www.facebook.com and so on.
3. Find out the truth for yourself
Often the scammers will tell you things such as your password has expired, there's been trouble with your account, etc. They will often also give some sort of ultimatum or warning that if you don't do anything, you or your account could be in trouble. So one thing you can do is to check out if what they're saying is true. If they say your password has expired, go to the website it expired for without clicking the link and log in to the page you know is secure. If it works, then someone was very likely trying to scam you. You can also email or call the business from information provided on their websites to double-check that the email is legitimate to see if your account really does have a problem. Make sure to do a little digging before entering any sensitive information!
No comments: