7 Tell-Tale Signs of a Phishing Scam

You’ve just checked your email and you have a message from PayPal that says “due to a recent security update, we need you to confirm some information” or something similar. What should you do? This is a trick known as phishing, an attempt by a scammer to acquire sensitive information such as usernames, passwords and credit card details (and sometimes even money) by masquerading as a trustworthy entity in an electronic communication. The following are 7 tell-tale signs of this scam:

1. Spelling Mistakes and Discrepancies

If the email uses poor grammar or spelling or has strange formatting issues like these examples here, it could be fake. Legitimate companies will hire people to check their spelling and writing style before sending out emails.

2. Urgency

If the phishing email asks you to act immediately, it could be a scam. Legitimate companies will usually give you time to respond before taking action themselves. It may even take them weeks to ask for this information if they have good reason not to trust you yet because of your account history or location. The phisher might also threaten you by saying that another site has reported your phished information which will cause the company’s system to lock down and they cannot release it unless you verify your identity now. They might even claim that they need this verification in order to keep up with new phishing schemes that hackers are using against their site, or some other vague reason.

3. Unsubscribe/Unsubscription

If you notice a phishing email and go to the site it links you to in order to unsubscribe, do not use any of their provided links. Many phishers will try to convince you that these are the correct links by saying something like “you must have misunderstood our previous phishing email” or “we’ve been getting complaints from users who cannot find [the unsubscribe link]”. Instead, look for a link that says “unsubscribe” on the page where your email was received. If there is no such option, then it might be a phisher.

4. Addresses and Phone Numbers

Some phishers may only ask for information through an online form which has fields for username/password, credit card number, billing address, shipping address etc. Some phishers however will ask for this information by phone or email which are the most suspicious of all. Phone numbers these phishing scams use are usually fake and consist of random digits which can be found on sites like this . Address phishing scams either provide no real address, a phisher’s own address or some other strange location.

5. Generic Greetings/Salutations

Legitimate companies will always try their hardest to seduce customers into returning to their site again and again through good customer service. They might even send you personalized messages with your name written in them because they have your contact details from the last time you used their services that may have included an online form or chat session. A phisher on the other hand will usually name their phishing messages something generic like “Dear Customer” or “Your account has been locked”.

Many phishers will try to convince you that they are legitimate by providing some sort of security certificate as a clickable link. These links can be online images or those that come in an email as an attachment. There have even been phishing scams that phishers have put into instant message form which make it look like they’re inside your messenger program. If you click any of these and enter your details, then the phisher now has them and your information is compromised.

7. Spelling Errors in URLs

Phishers may also attempt to steal your information by phishing through email or instant messaging that contains phishing links. If you find an email in your inbox that says it is from the site you trust and they ask you to log in, be very careful not to click on the phisher’s phish link which may even look identical to the legit one. Look for any spelling or capitalization errors in this url before entering any details into it.

If you see any of these phishing signs in the emails you receive, you should delete them immediately or report phishing scams to the phish email provider. Do not click on any phishing links in emails. If you are unable to identify whether a phishing scam is legitimate or not, contact your bank/service provider through other means and ask if they sent you this email. Wave Technologies provide managed information technology services by enforcing strict policies and controls for security & risk management while guaranteeing availability, confidentiality, integrity & authenticity of your data at all times. Visit them online at www.waveiton.com for more details on their IT support solutions or call 617-479-0027 for more information!