
Phishing Scams: Don’t Take the Bait!

You open your inbox and—lucky you!—you’ve received a very stately-sounding e-mail telling you, although you never knew it, that you are in fact descended from royalty and are due a one million dollar inheritance from the Nigerian government.

The only catch is that for the sender to release the funds to you, he says (in broken English but using very urgent terms) you must immediately wire $1,000 in U.S. dollars to his foreign bank account. He even makes it easy for you by providing a link: just click the link, wire the money, get your inheritance, and you’re rich!

Ok, so most of us know about the infamous “Nigerian prince” phishing e-mails like the one described above that have been popping up in our overloaded inboxes for years. These are so outlandish and preposterous-sounding that they are easy to spot as a scam.

How do phishing scams work?
Not all e-mail scams are so easy to spot, however. “Phishing” e-mails get their name because crooks are “fishing” for your personal information.

They dangle the “bait,” with the end game of stealing your sensitive information through e-mails, websites, text messages, or other forms of electronic communication that look like official communication from legitimate companies or individuals.

Just as a fisherman tries to hook a fish, cyber criminals try to hook you into sharing your user names and passwords, credit card details, financial account numbers and other information.

They then use this information for hacking, identity theft, or stealing money directly from your accounts. Often, they sell your information in cybercriminal underground marketplaces, like the Dark Web.

New (and not so new) phishing scams
Unlike the Nigerian Prince scam, today’s phishing e-mails have become much more sophisticated, with even the computer-savviest among us sometimes falling for them.

And they’ve increased exponentially—according to a recent study, over 3 billion fake e-mails are sent every day!

Cybercriminals have become increasingly skilled at getting unwitting recipients to open e-mails, click on links, and unknowingly share sensitive information or install malware.

Recent phishing scams to avoid
According to the Federal Trade Commission (FTC), these are some of the more popular recent phishing scams to be on the lookout for. Some are new, while some are old scams with a new twist.

  • Social Security benefits scams
  • Charity scams—in the wake of Hurricane Dorian
  • College student housing rental scams
  • Fake Equifax data breach settlement websites
  • Mystery shopper scams
  • Fake job offers
  • Vacation rental scams
  • Medicare/DNA kits scam
  • Fake student loan debt relief
  • Crowdfunding scams

The FTC’s scam alerts page has more information about these scams and a full list of its most recent alerts.

Phishing tricks and practices
There are many techniques hackers use to launch a phishing attack. Here are a few of the most common ones:

Legitimate-looking e-mails: The message looks legitimate, complete with the company’s logo, the same look and feel as the real deal, and high-quality graphics. It may even include fake “opt-out” instructions. While this e-mail looks real, it’s fake, and the links and replies are not going to a company, but to a cybercriminal who is trying to capture your information.

The virus or compromised account: You receive an e-mail from a company or bank claiming your account has been compromised. It instructs you to log in to reset your password, or to download a form, fill in your personal information, and return it. However, a legitimate company would never request your personal information through an e-mail like this.

Invoice phishing: These e-mails claim that you have an outstanding invoice or bill from a well-known company or bank. You’re instructed to click on a link to pay the invoice/bill. But when you click on the link and access the site, the hackers steal your personal information and gain access to your bank accounts.

Payment and delivery scam: You receive an e-mail from what appears to be a legitimate company, asking for your updated credit card information. The sender will typically claim that your payment information needs to be updated before they will deliver your order or keep your account active. Be careful with these e-mails, especially if you haven’t purchased anything from the company.

Downloads: Download scams send an e-mail instructing you to click on a link. These e-mails often contain hyperlinks that download a malicious file onto your computer designed to capture your keystrokes and financial information. Never click on an e-mail link unless you are absolutely sure the sender is who they claim to be.

Fake cloud-based documents: You receive an e-mail that invites you to view or download a document in Microsoft OneDrive or Google Docs. The links in the e-mail take you to an authentic-looking (but fake) login page designed to steal your credentials.

Tips for spotting phishing e-mails
Be on the lookout for these telltale signs of a phishing scam.

  • You hover your mouse cursor over a link or URL in the e-mail and it does not point to the correct location, or it attempts to send you to a third-party site not affiliated with the sender of the e-mail.
  • The e-mail requests your personal information, such as Social Security numbers or bank account information.
  • The sender’s address is similar to a legitimate e-mail address, but with added numbers or changed letters.
  • The message is unexpected and unsolicited.
  • The message or the attachment asks you to enable macros, adjust security settings, or install applications.
  • The message contains grammatical errors and typos.
  • The sender address does not match the signature on the message itself. For example, an e-mail is purported to be from Mary at Little Lamb Corp, but the sender address is john@example.com.
  • There are multiple recipients in the “To” field and they appear to be random addresses.
  • The greeting on the message itself does not personally address you.
  • The website looks familiar, but there are inconsistencies or things that are not quite right, such as outdated logos, typos, etc.
  • The page that opens is not a live page but rather an image that is designed to look like a familiar site. A pop-up may appear that requests credentials.
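Several of the telltale signs above can be checked mechanically before a person ever reads the message: whether the visible link text points somewhere other than the real link target, whether the sender’s domain is a one-character look-alike of a domain you actually deal with, whether the “To” field is stuffed with addresses, and whether the body asks for passwords, Social Security numbers or enabled macros, or opens with a generic greeting. The Python script below is an added example written for this article, not code from the page or from any of the sources it lists; the two messages it inspects are constructed samples, and the list of “known good” domains is an assumption standing in for the companies a real recipient does business with.

```python
import re
from email import message_from_bytes, policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real phishing e-mail). The sender domain swaps an
# "l" for a "1", the To field carries three unrelated addresses, the visible
# link text shows one site while the href goes to another, and the body asks
# for a password and a Social Security number after a generic greeting.
SAMPLE_MESSAGE = b"""From: "Mary at Little Lamb Corp" <mary@litt1elamb.example>
To: victim@example.net, random1@example.org, random2@example.org
Subject: Your account has been compromised
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Please <a href="http://login.example-attacker.test/reset">https://www.littlelamb.example/reset</a>
to reset your password and confirm your social security number.</p>
</body></html>
"""

# Constructed benign message from the real domain, used to show no false flags.
CLEAN_MESSAGE = b"""From: "Mary" <mary@littlelamb.example>
To: alex@example.net
Subject: Q3 report
Content-Type: text/plain; charset="utf-8"

Hi Alex, the Q3 report is attached as discussed on Tuesday.
"""

# Assumption for the example: domains this recipient legitimately deals with.
KNOWN_GOOD_DOMAINS = {"littlelamb.example"}

PERSONAL_INFO = re.compile(r"social security|password|account number|credit card", re.I)
MACROS = re.compile(r"enable (macros|content|editing)", re.I)
GENERIC_GREETING = re.compile(r"^\s*dear (customer|user|member|sir|madam)", re.I | re.M)
LOOKS_LIKE_URL = re.compile(r"^(https?://|www\.)", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> and the body's plain text."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._anchor = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL or bare 'www.' string; '' if there is none."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def edit_distance(a, b):
    """Levenshtein distance; a distance of 1 or 2 is the classic look-alike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_message(raw_bytes, known_good_domains):
    """Return the telltale signs found in one raw RFC 5322 message (empty if none)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    flags = []

    # Sender domain that is almost, but not quite, one you know.
    sender = parseaddr(str(msg.get("From", "")))[1]
    sender_host = sender.rsplit("@", 1)[-1].lower()
    if sender_host not in known_good_domains:
        for good in known_good_domains:
            if edit_distance(sender_host, good) <= 2:
                flags.append(f"lookalike-sender: {sender_host} resembles {good}")

    # Many apparently unrelated recipients in the To field.
    recipients = getaddresses([str(h) for h in msg.get_all("To", [])])
    if len(recipients) >= 3:
        flags.append(f"multiple-recipients: {len(recipients)} addresses in To")

    # Links whose shown text and real target disagree, or that leave the sender's site.
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = _LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, shown in parser.links:
        if LOOKS_LIKE_URL.match(shown) and host_of(shown) != host_of(href):
            flags.append(f"link-text-mismatch: shows {host_of(shown)} but goes to {host_of(href)}")
        if host_of(href) and host_of(href) not in known_good_domains | {sender_host}:
            flags.append(f"third-party-link: {host_of(href)}")

    # Content that asks for secrets, macros, or addresses nobody in particular.
    text = "".join(parser.text)
    if PERSONAL_INFO.search(text):
        flags.append("requests-personal-info")
    if MACROS.search(text):
        flags.append("asks-to-enable-macros")
    if GENERIC_GREETING.search(text):
        flags.append("generic-greeting")
    return flags


if __name__ == "__main__":
    for flag in check_message(SAMPLE_MESSAGE, KNOWN_GOOD_DOMAINS):
        print(flag)
```

Each flag corresponds to one of the signs in the list above, so a reader can map the script’s output back to the advice; the benign message produces no flags at all, which matters because a checker that cries wolf on every newsletter is quickly ignored. The thresholds (edit distance of 2, three or more recipients) are starting points, not settled values.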

Phishing scams remain a very common type of cybercrime, and can cause major financial losses to both consumers and businesses. New scams are more sophisticated and harder to detect. It’s essential to educate yourself and those you love about how to spot the red flags of a phishing scam. If you’re unsure about an e-mail you receive, contact the business or individual directly to verify if the e-mail is legitimate. And when in doubt, delete!

Resources: Valimail, Inc.com, Microsoft, Federal Trade Commission, Proofpoint, TechRepublic