You open up your inbox and there’s an email from a bank. Sometimes it’s your bank, sometimes it’s a bank you’ve never heard of. Sometimes it’s from a really big company like PayPal that the whole world has heard of, so it must be important!
The subject line is something like: Problem with your account, rectify now
We’ve all been there, but not everyone reacts the same way.
How do you react?
In part 1 of this tutorial about phishing scams, I'll show you how to react to an email that may be a phishing attack.
Phishing - the practice of using fraudulent e-mails and copies of legitimate websites to extract financial data from computer users for purposes of identity theft
(from our friends at TheFreeDictionary.com)
Even though most of us have gotten used to trying to respond immediately, email is NOT a real-time communication tool.
If you keep that in your mind, then you are less likely to start clicking away on links that might lead you and your bank details into the bad guys’ dungeon (where it’s very dark and creepy).
Now that you know that it doesn’t require a knee-jerk reaction, you can take your time to think about what you are going to do.
I’ll cover the easy category first: if you get an email from a bank where you don’t have an account asking you to ‘update your information’, then delete it immediately. Earn a couple of bonus points by adding the email address to the spam folder of your email client.
(I know, right – who would have thought it could be that easy to avoid such a big risk!? Very cool!)
The second category includes email that claims to be from your bank or a company that you do business with (like Amazon or eBay, etc.), but comes unexpectedly, or asks for information that doesn’t make sense.
For example, if you receive an email to confirm personal data for ‘your debit card’ – when you don’t have a debit card with that bank, then it’s not a legitimate message from your bank. (A recent telephone hoax asked you to respond to update the details of your debit card. Everyone who received the call who did not have a debit card should have hung up as soon as they heard the message!)
Don’t click any of the links in the email.
Open up a browser window and go to the company’s website. Call the number you find there to let them know about the fraudulent email. If they confirm that they sent it, then provide the details they need over the phone – and let them know that you are displeased that they are sending suspicious emails!
They would much rather hear from you each time they send you an email than have to deal with the fallout of their clients clicking away on phishing emails.
This applies to any company that you do business with: call the company at the number on their website whenever you are unsure about anything in an email.
Every bit of communication a legitimate company puts out is marketing. There are teams of people checking everything that goes out to their customers. Before an official notice is sent by a corporation, it is read and reread by the marketing and legal folks to make sure they aren’t saying anything wrong and that there are no mistakes.
Logos and taglines and formal advertising items will NEVER be incorrect. Millions and millions of dollars are spent by corporations every year making sure that the image we have of them is perfect. So, if you see a logo or branding that has ANYTHING wrong on it – the chances are very high that it’s fake. Don’t click on links from fakes and frauds.
When you get down to it, if you see anything that you think is suspicious: call, don’t click! (They have operators on the line waiting for your call!)
If you suspect something is a phishing attack, then check out snopes.com. It’s one of my favorite resources for checking if something is a known phishing scam.
Next week, in 3 Phishy Things to Watch Out For (part 2 of this tutorial), I’ll show you how to recognize suspicious elements in phishing emails.