Phishing Scams Guide: How Not to Get Hooked

Unfortunately, not every email “hopes to find you well.” Phishing scammers love to inflict malware-carrying email on trusting recipients to hook data out of them. It’s important to examine each email carefully to make sure that you do not become a phishing victim.

Table of Contents

  • What is Phishing?
  • How Can I Recognize Spam?
  • How to Test Emails for Legitimacy
  • Can Antivirus Software Prevent Phishing?
  • How Can Education Prevent Phishing?
  • What Do I Do If I Receive a Phishing Email?

Summary

Phishing scammers know no bounds. No business or institution is off-limits, and scammers continue to innovate how they imitate legitimate information. This post is a guide for protecting yourself (and those with whom you interact over the internet) from online threats.

What is Phishing?

Even the most experienced of netizens can fall victim to phishing emails, and the aftermath can range from annoying to terrifying. Phishing is an attempt by an external sender to use digital messaging functions to exact valuable data from a recipient through deceptive content, malicious links, and false information. These can be pointed attacks, but they are also often executed en masse. Scammers know how to use our own information and emotions against us in their effort to get what they want, which can include money, company data, addresses, and many more valuable pieces of information.


The unfortunate part is that no email account is safe. Maliciously loaded emails can land in inboxes for personal, professional, and educational accounts…and they can look completely real. Therefore, although this post focuses on email phishing, the prescribed considerations can be applied to other suspicious sites, SMS texts, or instant messaging you encounter. Protect yourself and those you communicate with by taking steps to help yourself differentiate between fraudulent and legitimate emails.

How Can I Recognize Spam?

At some point, you will be unable to maintain suspicion of every email in your inbox. Instead, make it a practice to keep a level head when checking your email. If you receive email from a known sender that contains expected information, you probably don’t need to worry. If you find an email that does not match that description, then care must be taken. Some examples of unusual emails may be:

  • New messages from an unknown sender
  • Unusual messages from a known sender
  • Any email that requests money or sensitive information
  • Any email from known businesses or institutions that contains poor formatting or low-resolution logos
  • Any email that seems odd. Seriously: trust your gut.

If an email makes you pause (or even panic, depending on the messaging) for even one moment, use the tips below to vet that email before you act on it. Doing so could prevent both headaches and data loss in the future.

How to Test Emails for Legitimacy

Listed below are some tried and true methods that can help prevent any spammers from causing any harm.

Domain Test

If you are at this point, you have come across an email that warrants further inspection. One of the most obvious tells is one of the easiest to check: the email’s domain. A domain for an email is the information that appears after the “@” symbol of an email address. For example, the domain for any email from Google will end in “@google.com.”

No company will send you messaging through private accounts like AOL (@aol.com), Gmail (@gmail.com), Yahoo (@yahoo.com), or anything that is not tailored to the business unless it is a very small operation. Most larger businesses will have their own email domain. Avoid sharing any sensitive information with a sender hailing from one of these domains unless you can verify the legitimacy of both the sender and the message. If you are unsure, do a web search for that email address. If that email address is an address through which this business has communicated with you in the past, it should be fine.

If the email does not come from a public domain, ensure that the business domain is spelled correctly. For example, an email from Google should not have a domain like this: “@googel.com.” If you are unsure, once again conduct a web search for that exact address or any other email affiliated with that company. If the spellings don’t match up, you may have a phishing email on your hands.

Domain Test Checklist

  • Any email from a business should not originate from a public email domain.
  • Any email from a business should have a correctly spelled domain that checks out with public information online.

Language Test

If an email passes the domain test but still seems irregular, it is time to examine the body of the email. When you consider the probable writing style of the sender, check for inaccuracies and inconsistencies in how they wield writing to communicate with you. Although mistakes are part of being human, it will be up to you to decide which mistakes are reasonable and which are not.

If an email purports to be from someone you know, check for uncharacteristic mistakes or language use. For example, did the supposed sender (who is someone who usually proofreads their emails thoroughly) send you something that is riddled with spelling mistakes or grammatical errors? If so, you may have an email from someone posing as a person you know. This often happens within institutions which make staff names and email addresses public knowledge.

If the email is not coming from a personal acquaintance with whose writing style you are familiar, you can still check for spelling and grammar mistakes. These should especially not be showing up in communication from businesses that presumably have proofreaders for their customer content. The additional aspect to watch out for would be any correctly spelled words in an incorrect order. An email with this type of mistake may indicate a machine scammer or an automated attack. Machine-created emails may still contain grammatical mistakes because a spell-check function will not flag a word that is used incorrectly as long as it is spelled correctly.

Again, just because an email has a mistake doesn’t mean that it’s a phishing email. Use your best judgement when deciding whether or not the email’s language is on point with what you expected from the sender.

Language Test Checklist

  • If the email contains spelling mistakes, they should be reasonable for the sender.
  • The email should not contain unusual or incorrect groupings of correctly spelled words.

Tone Test

Scammers have reached near-professional levels of fraud, so there are some emails that may have made it this far while still making the reader pause. At this level of testing, you must rely on your understanding of the sender’s usual tone or attitude in emails previously sent to you.

If an email attempts to create a sense of urgency in you to do something right now that seems out of place, you may have received a phishing email. Examples include emails that claim that there is a discrepancy in your account that you must fix, emails that accuse you of owing an inordinate amount of money unless you act now, or emails that insist on your immediate action to prevent an account from being terminated. These emails prey on the feelings of concern or fear in their recipients in order to squeeze out valuable information.

If the email claims to be from an acquaintance or a business with which you are familiar, but the email reads differently than previous emails from them, you may want to check this out using your own methods. A common example of this is if the boss or CEO of a company sends an email that says, “Hi, Are you busy? I have my hands full right now but I need you to purchase some gift cards for me. Let me know when you’re free” or “Hey, I need your help right away to send some wire transfers. Contact me so I can send you the right information.” Unless moving money for your boss is an established task that you have done many times before this email, this would be an unusual email. Even if this request were legitimate, wouldn’t your boss want to bring this important topic to you outside of an email? If you’re still not certain, draft up a separate message from your own email account (do not reply to the suspicious email) to ask if your boss did indeed send the dubious request.

Tone Test Checklist

  • The email should not make the recipient feel a sense of urgency for an unusual matter between the sender and recipient
  • If the recipient has received emails from this sender before, the email should "sound" like the sender that sent the previous emails.

Link Test

Your last line of defense is to investigate links in suspicious emails before you click on them. Abandon the email if any of the following conditions are true.

The link is unusual, inappropriate, unexplained by the sender, or simply paired with a click-bait style phrase (e.g. “I can’t believe you haven’t seen this yet…!”).

Without clicking on the link, hover the cursor over the link while looking at the bottom-left corner of your browser. Once you do this, you will find a ribbon that pops up in that corner containing a URL. That URL is where the link would actually take you if you clicked it (this function isn’t generally available on a mobile device). Ensure that the URL leads to a site that is legitimately affiliated with the sender and run a web search if you are not sure. You can also check if that URL contains “https” at the beginning of it. The “s” in that chunk of URL stands for “secure,” and may be condensed to a little padlock icon when it shows up on a browser page. Keep in mind that HTTPS only means the connection to that site is encrypted; it does not by itself prove the site belongs to the sender, so the domain in the URL still matters.

If the first two points in this test check out for your email and you end up clicking on the link, listen to your browser if it objects. Your browser may pop up a warning to you if you are about to enter a site that is known to contain threats.

Link Test Checklist

  • The email should not contain unusual, inappropriate, or unexplained links.
  • The email should not contain links that lead the recipient to an unsecured URL.
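As an added example (not part of the original guide), here is a small Python script that applies the Domain Test and Link Test above to a raw email: it flags senders on public mail domains, sender domains within two character edits of a trusted domain, links whose visible text shows a different host than the real href, links that are not https, and link hosts outside the trusted domains. The FREEMAIL and TRUSTED lists and the sample message are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

FREEMAIL = {"gmail.com", "yahoo.com", "aol.com", "hotmail.com", "outlook.com"}
TRUSTED = {"google.com", "paypal.com", "example-bank.com"}  # constructed allow-list

def edit_distance(a, b):  # Levenshtein: single-character edits between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_findings(domain):
    # Domain Test: public mail domain, or a misspelling of a domain we trust
    findings = []
    if domain in FREEMAIL:
        findings.append(f"sender uses public mail domain {domain}")
    for good in sorted(TRUSTED):
        if domain != good and edit_distance(domain, good) <= 2:
            findings.append(f"{domain} looks like {good} (possible lookalike)")
    return findings

def link_findings(html):
    # Link Test: real href vs. displayed text, https scheme, affiliated host
    findings = []
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if not href.lower().startswith("https://"):
            findings.append(f"link to {href} is not https")
        shown = re.search(r"https?://([^/\s<]+)", text)  # displayed text that looks like a URL
        if shown and shown.group(1).lower() != host:
            findings.append(f"link text shows {shown.group(1)} but goes to {host}")
        if not (host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED)):
            findings.append(f"link host {host} is not an affiliated domain")
    return findings

def vet_email(raw):  # sender domain is everything after the '@' of the real From address
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return domain_findings(domain) + link_findings(msg.get_payload())

# Constructed sample: misspelled sender domain and an http link disguised as a Google URL
SAMPLE = """From: "Google Security" <alerts@googel.com>

<p>Your account will be closed. <a href="http://login.googel-verify.net/x">https://accounts.google.com/verify</a></p>
"""
```

Running `vet_email(SAMPLE)` returns four findings for the sample message: the lookalike sender domain, the non-https link, the mismatch between the displayed and real link host, and the unaffiliated link host.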

Can Antivirus Software Prevent Phishing?

You can’t anticipate every threat that seeps into your computer, so it can only help to have antivirus software around to round up any viruses that still make it into your system. It can help you catch anything that falls through the cracks despite your careful online practices. Some Internet Service Providers (ISPs) offer free protection to customers, so check if that applies to you. If not, research and find the antivirus software that meets your needs. Ensure that your selection is reputable and dependable to prevent any future headache for yourself.

How Can Education Prevent Phishing?

If you own a business, one of the biggest steps toward keeping your data and your employees safe online is to educate your staff about how to detect and prevent phishing attacks. Do what you can to ensure that educational material is presented to every employee on staff…especially higher-end executives. Everyone is susceptible to online attacks, and an executive who manages larger amounts of sensitive information has more to lose.

What Do I Do If I Receive a Phishing Email?

For personal accounts: do not interact with the email. Use the options on the email to mark it as spam, then be done with it.

For professional accounts: again, do not interact with the email. Use the email options to report the spam, but also report the fraud attempt to your company’s IT department. They may want to know about threats that are being directed toward the company so that future risks may be reduced.

Frequently asked questions

What is phishing?

Phishing is an attempt by an external sender to use digital messaging functions to exact valuable data from a recipient through deceptive content, malicious links, and false information. Data that a phishing scam might be after include financial, personal, or professional data.

Where does phishing occur?

Phishing typically occurs in email, but malicious links and information can be found all over the internet and digital communication systems. You should therefore also be careful with how you’re interacting with online content on other websites, unexpected SMS texts, and instant messaging.

How can I prevent myself from being a victim of phishing?

Unless you preemptively block emails you know are malicious, you will not be able to prevent your inbox from receiving a phishing email at some point. The best thing you can do is to keep a level head whenever you open your inbox, be mindful of what you’re receiving, and remember to test and vet any email that makes you panic or pause for even one moment.

Written by Sarah Solomon

Edited by Henry St. Pierre
