Phishing is the use of social engineering on the Internet that tries to get you to click on links or enter your personal credentials like passwords, bank or credit card details, or other personal data. Basically, it’s bad guys trying to trick or con you into giving them your confidential information.
In my tutorial last week, I covered the 3 Keys to Protect Yourself From Phishing Attacks. I shared the secrets to help you get in the right mindset the next time you receive a suspicious email. After reading part one of this series on phishing:
If you keep the above in mind, you’ll be in great shape to not get caught on the hooks that are used in phishing emails to catch unsuspecting people.
Now, let’s take a look at a couple of actual phishing examples that the bad guys use to snare people.
First things first, there was nothing in the sender or subject lines to tip you off that this was a phishing scam, so you clicked on the email from your bank or corporation – well, at least it looks like it’s from a legitimate corporation.
One of the telltale signs of a phishing attack is when your bank doesn't know your name! When you receive an email addressed to undisclosed recipients or unknown, yet it demands action in order for your account to not be closed, then something is wrong.
Another sign of phishing attacks is that they often include multiple email addresses with different domains within a single email. Take a close look at the domains of the email addresses and you’ll notice that they often don’t match that of the organization they claim to be from. That’s a sure give-away that something phishy is going on.
For example, emails from Target will be sent from the target.com domain and not from target.bfio.com.
Another thing you’ll see that should set the alarm bells off in your head is the use of free email addresses in emails that are supposedly from major corporations.
You can be sure that correspondence from a major company will NEVER include a yahoo.com, hotmail.com or other free email service address.
We’ve all grown so used to clicking on links on websites and emails, that it’s pretty easy for the bad guys to take advantage of our trust. Most people instinctively click on links because they expect that the link will take them to a continuation of what they were reading, pertinent information, or some other desirable website.
Just like false or fake emails used in phishing attacks, the bad guys use links to mislead you. They’ll mask the links a bit in order to conceal their malicious intent, but it takes only a little effort to expose most fake links.
Make sure to check the links.
Don’t be intimidated by threats that are part of almost all phishing attempts. The bad guys use threats to make you nervous and uncomfortable to get you to click on one of the links that is actually a trap. They need you to feel under pressure to act now. Typical threats include:
Your service could be suspended!
Your online account is locked
Helpdesk – Urgent Notification!
Your Account has been Terminated
Whenever you receive an email threat or demand for you to act immediately in order to keep your account active, or to stop some action against you – STOP before you click on anything.
Call the number on their website. If this really is a legitimate notice from your bank, then it’s likely that talking with someone on the phone is the best way to clear up a problem that involves your account being closed.
If it’s not legitimate, then calling the bank can save you money and even your identity.
The main thing is that if at any point, you have any doubts about the veracity of the email, then call the bank or company that is claiming to have sent the email.
If you suspect something is a phishing attack, then check out snopes.com. It’s one of my favorite resources for checking if something is a known phishing scam.
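The warning signs described above (no named recipient, sender domains that don't match the organization, free email addresses, and threats) can also be checked automatically. The Python sketch below is an added example, not part of the original tutorial; the function names, the sample messages and the choice of target.com as the expected domain are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

FREE_MAIL = {"yahoo.com", "hotmail.com"}  # the free services the article names
THREATS = ("your service could be suspended", "your online account is locked",
           "urgent notification", "your account has been terminated")

def belongs_to(domain, org_domain):
    # target.com and mail.target.com pass; target.bfio.com does not
    return domain == org_domain or domain.endswith("." + org_domain)

def phishing_signs(raw_email, org_domain):
    """Return the article's warning signs found in one plain-text email."""
    msg = message_from_string(raw_email)
    signs = []
    to = (msg.get("To") or "").lower()
    if not to or "undisclosed" in to:
        signs.append("no named recipient")
    senders = msg.get_all("From", []) + msg.get_all("Reply-To", [])
    domains = {addr.rsplit("@", 1)[1].lower()
               for _, addr in getaddresses(senders) if "@" in addr}
    for d in sorted(domains):
        if d in FREE_MAIL:
            signs.append(f"free email address: {d}")
        elif not belongs_to(d, org_domain):
            signs.append(f"domain mismatch: {d}")
    if len(domains) > 1:
        signs.append("multiple sender domains")
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    signs += [f"threat: {t}" for t in THREATS if t in text]
    return signs

# Constructed sample messages (not real emails)
PHISH = """\
From: Target Support <support@target.bfio.com>
Reply-To: target.help@yahoo.com
To: undisclosed-recipients:;
Subject: Your online account is locked

Your service could be suspended! Click the link below to verify.
"""
LEGIT = """\
From: Target <orders@target.com>
To: Jane Doe <jane@example.org>
Subject: Your order has shipped

Hi Jane, your order is on its way.
"""

if __name__ == "__main__":
    for sign in phishing_signs(PHISH, "target.com"):
        print(sign)
```

An empty result only means none of these particular signs were found, so the advice to call the company when in doubt still applies.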