How to Spot and Avoid Phishing Scams
Nowadays, pretty much everyone's on their toes when it comes to real-life (IRL) fraudsters. Charlatan tricks, pyramid schemes, television hoaxes, unsolicited and phony services and subscriptions have harmed so many people that it is pretty much ingrained into public consciousness that scam artists are everywhere and people should be extra wary of them.
Although the Internet has been around for some time now and is continuing to evolve as an ever-increasing part of everyday life, unfortunately, the average user does not seem to be as wary of online scams as they should be. Many users seem to think that there is nothing they can really do if someone hacks their online accounts, that their online security is in the hands of the providers of the services that the users are employing. After all, it's Apple's job to make sure that the information you gave them when making your account is safe, right?
Wrong. Users can, and should, take steps to increase their online security – and the first and most important step in that direction is to be aware of the danger, and educate themselves on the most telltale signs that they have been targeted by a hoax.
The Phishing Scam
Phishing is a type of scam that fraudsters use to try to get their grubby hands on the personal information of unwary Internet users, through subterfuge. The method they use in this particular case is rather simple, really – they cast a wide net and hope that some unsuspecting users get tangled in it. What's interesting is the bait they use to attract users – which is usually some legitimate-looking message from a respectable company. In most cases, said e-mail is designed to dupe the user into thinking that they need to send some personal information back to the sender of this message they received, or fill out their personal details in a form. If they actually do, well, they have been phished – now the fraudsters have all their relevant personal information, and can use it to whatever nefarious end they may devise.
Notably, technology to combat phishing is being developed all the time - spam filters and bots that are designed to recognize such fraud attempts and summarily remove them from the Internet are becoming ever more prevalent. However, in the few cases when the bait actually reaches the user, it may well be quite difficult for the user to recognize it for what it is… Unless they know what to be wary of in the situation. Recent surveys by CBS News and Intel Security show that about 80% of users have a hard time recognizing phishing attempts for what they are, and even trained professionals are not 100% sure to spot the signs when they are there. Still, the very best way to be on the lookout for phishing is to be aware of the following signs:
Suspicious pop-up alerts or ads appearing where they don't belong
While browsing the web, users may encounter pop-up ads or pages warning them about a problem with the device they are currently using. These are often designed to appear as if they originate from a legitimate source, such as macOS or iOS, Microsoft, PayPal etc. In such cases, it's usually a safe bet to assume that these aren't legitimate. Most often, they are just phony pop-ups, designed to trick users into calling a hoax support number or buying an app that purportedly fixes the device's 'issue'. Users are advised not to call the number or click on the pop-up or ad, and to ignore the suspicious warning.
Dubious phone calls and voicemail
One of the most common methods still in use by fraudsters worldwide is to call phone numbers they have somehow got their lying hands on and then use threats and flattery to pressure users into giving them information, money etc. This is why the best practice in every situation is for the user to verify the caller's identity before providing any personal information at all. Users who receive an unsolicited call from someone claiming to be from Apple, Microsoft, PayPal and especially – Google should be extra wary of the caller until they ascertain beyond all doubt that the person calling is, in fact, a representative of said companies.
Phishing emails and other text messages
Scammers tend to try and copy email and text messages from legitimate entities to trick unsuspecting users into sending back personal information and passwords or inputting said information into a form that the fraudsters can grab. Users are advised to never follow links or open attachments in any messages that may be considered suspicious or are unsolicited. Here are some more telltale signs that something is awry and the message the user has received may well be a phishing attempt:
- The sender's email address or phone number is off. If someone claims to be contacting you from Microsoft, but the e-mail address from which the message came doesn't match the name of the company that it claims to be from, the user is likely the target of a phishing attempt.
- The user's email address or phone number is all wrong. If the message that the user received features personal information that is wrong or that the user didn't provide to the company in question, the message is probably a hoax.
- The message starts with a generic greeting. Almost no company starts their emails with "Dear customer". Even automated systems and notification bots are designed to start the emails they send out with a greeting and the name, user ID, account name or some other means of identification that the user set up on registering for their services.
- A suspicious link. If the message contains obfuscated links that appear to be legitimate but take the user to a website whose URL doesn't match the address of the company's website, that's a dead giveaway that someone's trying to dupe the user.
- Unusual and suspicious content. If the message appears notably different from other messages that the user has received from the company to date, then it is most likely fraudulent in nature. The differences may be as striking as featuring inexplicably broken grammar, or as subtle as the text of the message itself being formatted in a slightly different manner than usual, or written in another font.
- The message requests personal information. Users should be extra wary of messages that outright tell them that they should divulge sensitive information, such as credit card numbers or account passwords.
- Unsolicited message. The message is unsolicited and contains an attachment. These are usually the easiest to spot, but statistics show that quite a few users fall for similar tactics every year.
Further Steps Users Can Take To Prevent Phishing
Cyclonis Password Manager is more than just a tool that users can employ to avoid having to fill in the same personal details in a particular website over and over again. It is particularly useful when it comes to phishing because it will always alert the user as to whether the site that is currently asking for the user's details is actually the right one. Say that a user sees a message from Apple, claiming that said user needs to follow a particular link and log into a particular screen. In such an instance, Cyclonis Password Manager will allow the user to automatically input all of their relevant data without a fuss only if the form in question is legitimate. Otherwise, the user will be asked whether they wish to make another registration – which should attract the attention of the user to the huge red flags surrounding the message.