A client of ours recently forwarded an email stating that his website’s domain was going to expire. Littered throughout the email were calls to action, all capitalized warning IMPORTANT NOTICE, EXPIRATION OFFER NOTICE, and then of course CLICK UNDERNEATH FOR IMMEDIATE PAYMENT. He knew it was a scam but still wanted to check in with us to ensure his domain was in good standing – it absolutely was.
Scheming criminals are constantly on the hunt, using the internet to prey on folks in an effort to steal personal information that they can then use illegally. Phishers use personal information to empty out bank accounts, steal identities or leave people locked out of their very own online accounts. The email our client received was exactly this – a phishing scam.
Phishing is fraud that happens online, according to the RCMP it’s “a general term for emails, text messages and websites fabricated and sent by criminals designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information.”
To protect yourself from online fraud and prevent yourself from getting conned, it’s good to know how to detect phishing scams. We’ve decided to dedicate this week’s blog to helping you identify if something looks fishy because it is in fact a phishing scam. That’s where the word phishing comes from, the idea that fake bait is being thrown up in the attempt to catch a victim. Here’s what you need to know so you don’t take the phony bait:
Be Leery Of Emails Stating Urgent Action Is Required
It’s like calling out “FIRE” in a room full of people. Fraudsters will often use urgent calls to action in an effort to get you to act immediately. Using subject headings like “Expiration Notice”, “Immediate Verification Required”, or words like “update”, “validate” or “confirm” your account, are all red flags that you may be looking at a fraudulent email. These online con artists are attempting to illicit a quick reaction from you. By preying on your concern or making you worry, they make emotional appeals in an effort to get you to click through and send your info accordingly.
Reputable businesses, especially financial institutions and credit card companies will NOT use emails to confirm an existing client’s personal information. Ironically, some phishers will claim to be from the fraud departments of established companies asking you to verify your account information because they suspect you may be a victim of fraud. Don’t buy into it. If you’re concerned, give the company a call using a number on an official bank statement or other document that they have sent you in the past and talk to a real human being. They’ll ask you to confirm the finer details of your account information and you’re good to go.
Weird “From” Email Addresses With Generic Greetings Are A No-Go
Some scammers will use email addresses that look more official. In this case, they’ll use a sender’s email that looks similar to a legitimate business but again, something will be off. They’ll sneak in a “1” in place of an “l”, for example “paypa1.com” instead of “paypal.com”. In a hurry you may not notice, but pay attention because you could be sending your info to someone who’ll go on to commit crimes in your name. No one wants that. So pay attention to who is sending you mail.
Generic greetings play into this too. Most phishers won’t know your name because they’re sending out emails to thousands of people at the same time. Be skeptical of emails sent with generic greetings like “Dear Customer” or “Dear Member”.
Granted, some con artists will have access to your name, especially when it’s listed on your business website or somewhere else on the web. In this case, they’ll appear to “know” you – if you find it in the least bit suspicious, contact someone you trust or again call the organization at a phone number you have on file. It’s always better to be safe than sorry.
Pop-Ups ARE Annoying and Sometimes A Warning
As fraudsters become more adept at creating online scams, they are utilizing different techniques to get you to disclose your info. One of the methods popping up, are pop-up windows themselves. Be careful when you’re sent to a website that immediately displays a pop-up window asking you to enter your account information.
Phishing scams may direct you to a legitimate site that uses an illegitimate pop-up window to gain your account information. Be cautious. Legitimate companies, agencies and organizations will not ask you for your personal information in a pop up window. Install pop-up blocking software to help prevent these types of phishing attacks.
Email Attachments From Strangers Are Like Candy From Strangers
Remember what your parents told you – the same holds true in adult life. When it comes to opening email attachments that you aren’t expecting, don’t do it. Even messages that appear to be from someone you know can contain programs that scammers use to steal your personal information. Only open email attachments that you are expecting to receive.
Take Preventative Measures and Install Spam Filters, Anti-Virus, and Anti-Spy Software
Spam filters will help to reduce the number of phishing emails you receive. Anti-virus software will scan incoming messages for troublesome files and let you know if something looks questionable. Anti-spy software detects programs installed on your computer that track your online activities without your knowledge and will protect you from phishing folks. Use a web browser that has anti-phishing detection, most have free plug-ins which you can add as a feature to notify you if you’ve entered a phishing site.
Don’t take the bait and protect yourself when it comes to online fraud. If you suspect that something sketchy is going on, most businesses have a fraud department that you can forward shady emails to and ask for verification. Do it.
Our client was smart enough to forward the email he found suspect to us and we were able to verify that it was just a scam. We want to help you from being conned, so again be cautious online and don’t get reeled in by a phisher.