Not too long ago, e-mail phishing scams were best known for their absurd claims of being from a wealthy Nigerian who desperately needs your help to transfer a large sum of money out of his country… and, of course, you will be well compensated. All you have to do is send your bank account numbers, and he’ll take care of this rest. Promise.
This all sounds ridiculous, but the rich foreigner scam has been successfully making fraudsters money since long before the Internet. Sure, it only tricks the most gullible of us—the rest of us can smell the fraud sizzling off on our computer screens before the message even finishes downloading—but that’s all a fraudster needs to make plenty of money.
And don’t get overconfident. Modern phishing schemes are a lot harder to detect.
What is Phishing?
Phishing is a scam in which someone pretends to be someone else in order to gain your trust—usually contacting you over email or the telephone—with the ultimate goal of stealing your personal or financial information.
As emails have become more complex and most companies now have branded images that are easily recognizable, scammers discovered a way to take phishing to the next level. They can now they can reach out to you under the guise of a company most of us already do business with.
How do they do it?
Simple. Big companies send out millions of emails every year. All a scammer has to do is get their hands on one of them and copy it. By changing the messaging to something urgent (“Your PayPal account is locked; log in now to fix it!”), and replacing the links, they can easily trick people into visiting a fake website. The best of them will even create a site that looks exactly like the real one.
In some cases, the link in the email will take you to a fake website where you’ll be required to log in. Now the fraudster has your login credentials and can access your account on the real site.
In other cases, the site you go to may ask for your personal information in order to verify your account.
Still other times, instead of going to a website, the link may download malware to your computer, giving the scammer access to all your files.
We typically think of phishing as email related, but it can also happen over the phone or through the mail. Phishing phone calls like the tech support scam have been commonly used trick victims into giving out their credit card information or downloading malicious software to their computer.
Identifying Phishing Scams
Identifying a phishing scam is harder than it used to be because scammers are getting better at designing the emails to look legitimate. You may receive a phishing email from Bank of America that looks exactly like a Bank of America email. Obviously, if you’re not a Bank of America customer, you’ll be suspicious. But Banks of America has millions of customers, and all of them will at least be tempted to open the email and see what it’s about.
Fortunately, there are some easy ways to tell if an email is legitimate or not:
- Read the subject line. Is it referring to an account you actually have? If not, don’t open it.
- Is it claiming your account is locked? If so, don’t open that email. Instead, open your web browser, go to the company’s real website, and try to log in. If you’re successful, that email is a scam!
- If you’re not sure, open the email and check for any links. If you’re using a PC, you can hover your mouse over the link, and it should show the address either next to your cursor or at the bottom of your email window. Does it start with www.THECOMPANY.com, where “THE COMPANY” is the name of the company the email is supposedly from? If not, it’s probably a scam.
- If there aren’t any links or you’re using an email client that doesn’t show you the link address (most mobile email clients don’t), read the email over. Is it trying to get you to do something? Log in? Send money somewhere? Call a number to provide personal information? Anything the company wouldn’t normally ask you to do? If so, consider it phishing.
Even if you can’t tell whether or not something is a scam, there are simple things you can do to protect yourself:
- Never give out your personal or financial information in response to any type of communication you weren’t expecting. No legitimate company will ask you to do this.
- Never click links contained in an email, even if you’re confident they’re legit.
- Never send money or provide credit card information in response to a letter, phone call, or email.
- Never open an attachment in an email, unless it’s something you specifically requested.
- Install antivirus and anti-malware software on your computer or mobile device, and keep it up-to-date.
Of course, not every email you receive is a scam. Sometimes you really do need to reach out to a company to correct something or provide some missing or outdated information. But you don’t have to follow the steps in their email or phone call. Instead:
- Call the company directly. If the company called you, tell them you want to call them back. If they insist you deal with it now, hang up! It’s definitely a scam.
- Remember, don’t use the number they gave you. Instead, google the company and get the customer support phone number directly off their website. Ask the agent about the email, letter, or phone call. If it is a scam, they’ll want to know about it!
- If you have an online account with the company, go to their website (from your browser, not from the link in the email!), and log in. Most companies will send important messages to your online account as well as your email.
If you think you may have already given your information to a scammer, contact the real company and let them know what happened.