
Don’t Get Hooked: How To Protect Yourself from Phishing

By Sydney Butler / February 26, 2018

The internet is probably the greatest invention in the history of humankind. It’s almost impossible to really understand the fundamental changes internet technology has brought to our world, but it’s hard to think of any walk of life not affected by it.

Just as with any great new technology, however, there are going to be some people who want to use it for evil purposes. You’ll find criminals of all types trying to rip off innocent citizens of their hard-earned cash or sometimes of their very identities.

The good news is that modern internet security technology is very, very good. It’s very unlikely that someone will crack your Gmail password or break through your VPN encryption. That is why many scammers and other computer criminals have begun targeting the weakest link in the internet security chain: human beings. A type of scam known as “phishing” is one of the most popular methods of getting people to give up the goods. You could very well be the next victim of this devious con.

What is Phishing?


The goal of phishing is to trick you into giving up sensitive information to a malicious person. They do this by pretending to be someone they are not. For example, you might receive an email from what looks to be your bank, but actually, it comes from a criminal and any links within the email will lead to a website that is owned and controlled by the scammer.

So how can you avoid being caught up in this particularly nasty trap? It’s easier than you think!

Spot the Common Signs


A phishing email isn’t always immediately obvious, but after you’ve seen a few phishing emails you’ll start to notice a pattern. One key sign is the fact that you aren't addressed by name. Since most phishing attacks are scattershot, they can't be personalized.

Poor grammar and spelling abound, and the phrasing might be a little off. All phishing emails either contain a link you are requested to click on or ask for a reply that contains specific information.

The contents of a phishing email often present the situation as an emergency. It could be something relatively tame, such as a warning that your mailbox is full and will be frozen. All you have to do is click the button and log in. Other messages are much more serious. One common example is that your bank account will be closed or frozen unless you click the link and log in. In both cases, you're taken to a fake site so that your credentials can be stolen.

Check for Email Spoofing

Email spoofing is when a message appears to be from a legitimate address, but in reality, it's from somewhere else. If you are using Gmail then there's already a warning built in to tell you if you're looking at a forged email address.

If you're using a client like Outlook, you can compare the "Friendly from" and "Mail from" addresses in the message headers. In Outlook this is found under "message options", but a quick Google search will get you the instructions for any client.
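The header comparison described above can also be done on a saved copy of the message. The following is an added example, not part of the original article; it assumes the "Mail from" address is recorded in the `Return-Path` header, and the sample messages and domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(address: str) -> str:
    """Lowercased domain part of an address, or '' when there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def spoof_indicators(raw_message: str) -> list[str]:
    """Compare the 'Friendly from' (From:) with the 'Mail from' (Return-Path:)."""
    msg = message_from_string(raw_message)
    display, friendly = parseaddr(msg.get("From", ""))
    _, mail_from = parseaddr(msg.get("Return-Path", ""))
    findings = []
    if not mail_from:
        findings.append("no Return-Path recorded, nothing to compare")
    elif domain_of(friendly) != domain_of(mail_from):
        findings.append(f"From domain {domain_of(friendly)!r} differs from "
                        f"Mail-from domain {domain_of(mail_from)!r}")
    # Some clients show only the display name, so an address placed there
    # can hide the address the message really claims to come from.
    match = re.search(r"[\w.+-]+@[\w.-]+", display)
    if match and domain_of(match.group()) != domain_of(friendly):
        findings.append(f"display name shows {match.group()!r} "
                        f"but From is {friendly!r}")
    return findings

# Constructed sample messages (not real mail); all domains are reserved names.
SPOOFED = ('Return-Path: <bounce@mailer.invalid>\n'
           'From: "Your Bank" <security@bank.example>\n'
           'Subject: Account frozen\n\nClick the link and log in.\n')
GENUINE = ('Return-Path: <security@bank.example>\n'
           'From: "Your Bank" <security@bank.example>\n'
           'Subject: Monthly statement\n\nYour statement is ready.\n')
DISPLAY_TRICK = ('Return-Path: <x7@mailer.invalid>\n'
                 'From: "support@bank.example" <x7@mailer.invalid>\n'
                 'Subject: Mailbox full\n\nLog in to keep your mailbox.\n')

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("display trick", DISPLAY_TRICK)]:
        print(name, "->", spoof_indicators(raw) or "no mismatch found")
```

A mismatch is a reason to look closer rather than proof of forgery, since legitimate mail sent through a third-party mailing service can also carry a different "Mail from" domain.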

Learn What Fake Phishing Sites Look Like


Even if you are fooled by the actual email and click on the link provided, you really shouldn't be fooled by the fake website it leads to. These sites are generally quick and dirty attempts to look like a banking site or your PayPal account. They'll steal graphic elements from the real sites, but they never look quite the same, especially since these sites are rarely coded from scratch. Most of them are made using template-based site builders such as Weebly or Wix.

Which brings me to the next important part of figuring out that a site is actually a phishing trap: the URL.

The actual address that your browser is being pointed to is incredibly important. You should always double-check that the address your browser is visiting is 100% correct. Phishing scammers can sometimes make an address look legitimate at a glance, so take a few seconds to make sure. If possible, it is preferable to type the address in manually.
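To show what "100% correct" means in practice, here is an added example (not part of the original article) that checks a link's real host against the site you expect. It goes slightly beyond the text by covering several ways an address can look right at a glance; `check_link` and all domains are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_link(url: str, expected_domain: str) -> list[str]:
    """Return reasons why url does not really point at expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    problems = []
    # Anything before an '@' is login information, not the site name;
    # the browser connects to whatever follows the '@'.
    if parts.username is not None:
        problems.append(f"text before '@' is ignored; real host is {host!r}")
    # Look-alike letters from other alphabets show up either as raw
    # non-ASCII characters or as 'xn--' (punycode) labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("host contains non-ASCII or punycode labels")
    # The expected name must be the END of the host, on a dot boundary.
    # A bare endswith(expected) would wrongly accept 'notbank.example'.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    return problems

# Constructed sample links; every domain here is a reserved test name.
SAMPLES = [
    "https://www.bank.example/login",                    # genuine subdomain
    "https://bank.example.secure-check.test/login",      # real name used as a prefix
    "https://www.bank.example@secure-check.test/login",  # real name before '@'
    "https://notbank.example/login",                     # shares only a suffix
    "https://xn--bnk-7qa.example/login",                 # punycode label
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "bank.example") or "looks right")
```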

Be Extra Careful of Spear Phishing

There's a more insidious form of phishing known as "spear" phishing. In this case, the scammer is targeting you specifically using the information they've gathered from other sources. For example, they might know what company you work for, what position you hold and what other people you do business with.

"CEO fraud" is one of the wildest forms of this. Here the scammer pretends to be one of the top executives sending an email to a lowly accountant or HR person. They might instruct them to immediately pay money into a specific account or do something else that will mean a huge payday for the scammer.

The only real way to defend against spear phishing is to pay attention to things that stand out. Is this person writing in their typical tone and style? Are they asking for something unusual? If you feel at all like something fishy is going on, then stop. Pick up the phone and confirm that the message actually came from them. It might be a little tedious, but this kind of check could have saved millions in damages over the years.

Never Click Links from Unsolicited Emails

The real bottom line of defense against phishing is this: never, ever, click on a link found in an email you did not ask for. Password reset or registration emails are the clear exceptions to this. You did request those, and they show up a few seconds later.

With anything else, go to the correct site yourself by typing the address manually. Remember, phishing is only one of the dangers you can face on the web. For a near-complete privacy and security solution, we strongly recommend that you get a VPN. Our favorite VPN at the moment is the amazing ExpressVPN. Affordable and easy to use, ExpressVPN will keep the nasties at bay as you surf the internet.


