If you’ve checked your email in the last few days, chances are pretty good that there was at least one phishing scam in your inbox. Phishing emails and texts employ different methods for achieving the same end: relieving you of your tightly-held personal, financial, or account sign-in data.
Here's what some of the different types of phishing scams look like, and how to spot them in time.
Click on This Website
Phishing scams generally open with a spoof email that tries to deceive you into thinking it's actually from your bank, credit card company or other institution. The logo, layout, and even the tone of the company’s emails can be carefully copied.
Scams that link you to fraudulent websites made to look real can be identified in several ways. Watch out for these clues:
- Sloppy design
- Misspelled words (including in the URL)
- Pop-up windows
Urgent messages in the email, text or on the site itself should lead you to double-check the website address. Legitimate websites for major financial institutions won't promote this sense of desperation to visitors, nor do they have room for sloppy design or misspelled words.
If the email requests information from you, be extra vigilant. No legitimate bank email includes a form for resolving account issues, so that should be a major red flag.
Faked Email Addresses
Fraudulent or "spoofed" emails are the hallmark of email phishing scams. These "fishy" emails are designed to look just like the kind legitimate companies or even friends send out, down to the return addresses.
These fake emails either contain forms for getting information from you or direct you to links that take you to malicious sites. Look at the email header closely, especially at the sender's address. Compare it carefully to messages you receive from the actual company or person. If you have even a hint of doubt, pick up the phone or go directly to the company website (using your browser, not the link in the email or text) to verify the information.
If it sounds too good to be true, it probably is. If you’re being offered the proceeds of a lottery when you didn’t buy a ticket or a cruise that you never signed up for, delete the email or text immediately. Your wallet and personal information will be better off.
Scammers have begun sending “documents” via Google Drive or DropBox. You think you’re clicking on a spreadsheet from a colleague or photos, but in reality, you’re going to a fake site or downloading dangerous malware. If you use Google Drive or DropBox, consider implementing two-step security verification to protect you from these sorts of attacks.