How to Spot Phishing Scams

*Security Note: None of the links in this post direct to other websites. The links have been replaced with www.cyberprotection.com for your safety. We do not post links to other web pages in our blogs.


Internet scams are as old as the Internet itself. Every year, cyber-criminals “promote” new techniques and tactics devised to trick potential victims. In the text below, we will point out some of the various types of phishing scams and offer practical tips on how to spot them and protect yourself from them.


Phishing


Phishing is a type of Internet scam devised to fraudulently acquire the sensitive data a user relies on for identification. This includes stealing passwords, credit card numbers, bank accounts, and other sensitive data.


Phishing messages usually come in the form of fake notifications from banks, providers, electronic payment systems, social networks, online games, etc. This kind of message will try to encourage the user, for whatever reason, to urgently enter or update their personal data. Usual excuses for these kinds of demands are data losses, system crashes, etc. So-called bank phishing is the most commonly used phishing strategy, with the goal of gaining access to the user's online bank account.


Phishers are very skilled at crafting authentic-looking emails, which are usually extremely high-quality copies of official emails coming from different organizations. They use the official logo of the organization in question and copy the style of legitimate correspondence in its entirety. Usually, the email will try to lure the user into clicking on a link to enter their personal data. When the user clicks on the link, it leads them to a fake website that looks very similar to the legitimate one. The username and password they enter there are then passed on to the cyber-criminals who devised the phishing scam.


How to spot a phishing email


Example 1. You get an email from a bank, e-payment service, or email provider. If you don't use the services of the sender in question, you can tell very easily that the email is fake and simply delete it.


Example 2. You get an email from a bank, e-payment service, or email provider, and you do have an account with them. In this case, read the text of the message carefully: if, at any point, you are required to enter your username and password, you can be sure that the email is fake. Companies and organizations will never ask their customers to log in to their accounts in this way.


There's another simple way of finding out if the email is fake or authentic: hover the cursor over the hyperlink in the email without clicking it. On the bottom left, in the status bar of the browser, you will see the actual URL the link will take you to. Pay attention: the part of the address immediately before the first slash (after http://) should end with the domain that belongs to the organization sending you the email.

For example, an email signed by Skrill will contain a link such as this one:

http://something.skrill.com/something

But links like the following, and all other links that contain something other than “skrill.com” immediately before the first slash, are fake.

http://skrill.click.com/something

http://something.s-krill.com/something

http://something.skrill.com.something.com
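
The same check can be automated for an HTML email body. The following is an added example, not part of the original post: it pulls the real target of every link out of a message and tests whether the host is the organization's domain or a subdomain of it. The function names and the sample body are constructed for illustration; a link that passes only proves the host belongs to that domain, nothing more.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_belongs_to(url, org_domain):
    """True if the URL's host is org_domain itself or a subdomain of it."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL: treat as not belonging
        return False
    org = org_domain.rstrip(".").lower()
    # Compare whole labels from the right, so "s-krill.com" and
    # "skrill.com.something.com" do not match "skrill.com".
    return host == org or host.endswith("." + org)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html_body, org_domain):
    """Return (visible_text, href, belongs) for each link in the message."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    return [(t, h, host_belongs_to(h, org_domain)) for t, h in parser.links]

# Constructed sample body built from the four example URLs in the text.
SAMPLE = (
    '<a href="http://something.skrill.com/something">link 1</a>'
    '<a href="http://skrill.click.com/something">link 2</a>'
    '<a href="http://something.s-krill.com/something">link 3</a>'
    '<a href="http://something.skrill.com.something.com">link 4</a>'
)

if __name__ == "__main__":
    for text, href, ok in audit_links(SAMPLE, "skrill.com"):
        print("OK  " if ok else "FAKE", repr(text), "->", href)
```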


Also, beware of emails containing attachments. Such emails are not necessarily just phishing emails devised to get your personal data; the attachments themselves can be really dangerous.


Bear in mind that phishers are not interested only in your online bank account. Aside from this, they are interested in any type of personal, sensitive data, which is why they also target email services, social networks, online games, and any other systems that require users to enter a username and a password.




©2020 by Cyber Protection Services. All Rights Reserved