What is phishing?
Phishing is a technique of cybercriminals to attempt to gather information by using deceptive emails, attachments, and websites. The goal of phishing is to trick you into believing that the email is something you want or need. It can be an email request from a bank or a note from someone in a company.
Once they obtain your information, they can have access to your accounts. They could even impersonate you to scam your loved ones. So, be careful. These emails really look like it comes from a legitimate source.
Having knowledge on how to spot a phishing email is becoming more important than ever before.
Do not get hooked!
What to look out for?
1. Inconsistencies in sender name, email addresses, URLs, and domain names
Does the sender’s email address match with the individual signing the message?
Does the sender’s email address match with the domain where the message was sent from?
To confirm if it comes from a legitimate source, look at the domain name in the email address, and check if there are inconsistencies. You may also hover your mouse pointer over the link to check the address before clicking on it.
If there are inconsistencies, don’t click it. Phishing often tries you to trick with look-alike names, email addresses, and URLs.
2. Requests for login details, financial information, or sensitive information
Receiving an email from an unexpected company?
Did they request you to provide your sensitive information?
Responding to emails with requests for login details, financial information, or private data should always be treated with caution. Most companies will not ask you for your financial information, sensitive information, and most importantly, they will not ask for your password.
To confirm if it comes from a legitimate source, you may visit the website from which the email has supposedly come by typing in the URL, instead of clicking the link.
3. Poor spelling and grammar
You can often recognize a phishing email if it contains poor spelling and grammar. But don’t get me wrong, all of us make typos from time to time especially if we are in a hurry.
Cybercriminals often use a spelling checker or translation software. It could give them the right words but sometimes it is not in the proper context. If you received unexpected emails from a company, which has poor spelling and grammar, it could be a strong indication that it is actually a phish.
Emails from legitimate companies are usually written by professional writers. They know how to spell and create well-written emails.
4. Demand for urgent action
Most phishing emails are designed to make you get an emotional reaction. They may claim that something happened to your account and the only way to fix it is to enter your login credentials.
By using this approach, cybercriminals hope that people will not read the email thoroughly and just click the link right away.
Always stop and think before you click.
5. Suspicious attachments or links
Phishing emails usually contain suspicious attachments or links. They will ask you to download files or click a link included in the email.
The purpose of it is to get your sensitive information such as login credentials, credit card details, phone numbers, and account numbers.
Typically, legitimate companies won’t request you to download a file or click a link. They direct you to download files on their own website instead.
When in doubt, you may directly send an email to the contact information obtained from the actual website.
How to Report Phishing?
You may forward it to the Anti-Phishing Working Group at firstname.lastname@example.org.
If you got a phishing text message, forward it to SPAM (7726).
Report the phishing attack to the FTC at ftc.gov/complaint.
Phishing is just one of the cyber threats used by cybercriminals to trick you.
Feel free to check more about more cyber threats and its preventions. It is better to be safe than sorry.