How to be Aware of Phishing Scams

There are many scams around, and malicious hackers go to great lengths to acquire your personal data. Criminals can use personal data for identity theft, but it is also sold on the dark web to the highest bidder. 

One of the most effective methods of data extraction is “Phishing.” Read below for more details regarding:

  • What Phishing Is
  • How to Spot a Phishing Expedition

Phishing is an effective method of data extraction that works by fooling someone into divulging information. However, there are numerous ways you can spot a phishing scam and prevent your most personal data from being stolen.

What is Phishing?

Phishing is a significant aspect of cybercrime: it is an effective means of data extraction and accounts for around a third of cybercrime[1]. But what exactly is it? Phishing is essentially the act of masquerading as someone else to gain crucial information. Most phishing scams involve a malicious hacker claiming to represent a legitimate organization, such as your bank, to try to extract data from you.

Phishing is an effective method of sensitive data extraction because the techniques used are increasingly sophisticated. For example, a scammer can make their email address display as an organization's name inside your email client. They will also sound convincing and use media such as company logos and industry jargon in their “official” communication.

How to Spot a Phishing Expedition

As sophisticated as a phishing hacker is, there are numerous telltale signs that all is not what it seems. You can prevent phishing scams against yourself with some simple tips.

Web Addresses

Phishers can disguise themselves quite well, but not as well as they would like. First, you can verify the email source by checking the sender's address for an unexpected subdomain or a slight variation on the real address. For example, ‘www.microsoft.com’ could be imitated as ‘www.microsoft.fishinghole.com’ or ‘www.micro-soft.com’[2], where “Microsoft” should be one word.

Hyperlinks contained inside the email are also a dead giveaway. Suppose you get an email from what looks like your bank saying ‘click here’ to update your details. Hover over the link to see where it will redirect. A legitimate link would look like ‘www.hsbc.com/details’, but a phishing link will probably look something like ‘www.kndiwdn.net/jdkjskdjl\jf\mldmlKd’. Essentially, it just won’t look right.
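The same check can be automated. The sketch below is an added example, not part of the original article: it classifies a sender address or link by comparing its host against an allow-list of domains you actually use. The allow-list, the function names and the result labels are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the reader's own allow-list of domains they really deal with.
TRUSTED = ("microsoft.com", "hsbc.com")

def host_of(address):
    """Lower-case host from a URL, a bare host/path, or an email address."""
    address = address.strip().lower()
    if "@" in address and "://" not in address:
        return address.rsplit("@", 1)[1]
    if "://" not in address:
        address = "//" + address  # let urlsplit see a network location
    return (urlsplit(address).hostname or "").rstrip(".")

def squash(label):
    """Drop separators so 'micro-soft' compares equal to 'microsoft'."""
    return label.replace("-", "").replace("_", "")

def classify(address, trusted=TRUSTED):
    host = host_of(address)
    if not host:
        return "unparseable"
    # Genuine: the host IS a trusted domain or ends with ".<trusted domain>".
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    labels = host.split(".")
    for domain in trusted:
        brand = domain.split(".")[0]
        # Brand sits to the left of somebody else's domain name.
        if brand in labels[:-1]:
            return "lookalike: brand name inside another domain"
        # Brand respelled with separators, e.g. a hyphen.
        if any(squash(l) == brand and l != brand for l in labels):
            return "lookalike: variation on brand name"
    return "unknown"

# Constructed samples: the addresses quoted in the text above.
SAMPLES = [
    "www.microsoft.com",
    "www.microsoft.fishinghole.com",
    "www.micro-soft.com",
    "www.hsbc.com/details",
    "www.kndiwdn.net/jdkjskdjl\\jf\\mldmlKd",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):45} {s}")
```

The important detail is that the host is read from right to left: only the ending of the name decides who owns it, so a familiar brand appearing further left proves nothing.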

Unwarranted Communication

Another simple yet effective phishing scam is the unwarranted good news email – such as winning a new car in a prize draw. This is effective because it appeals to your sense of getting something for nothing. But did you enter a prize draw for a new car? If the answer is yes, then by all means, approach with caution, but if you did not enter such a competition, then it is a scam. Nobody gets anything for free – especially a new car.

Quality of Content

While phishing scammers are pretty good at what they do, they aren’t always the sharpest knives in the drawer. Many are uneducated criminals trying to get lucky by sending out many phishing emails at once. Because of this, they make dead giveaway mistakes. Some of the most common relate to the quality of the emails that they send. 

At a glance, emails may look official but make sure you scrutinize them. There will be spelling mistakes, grammar mistakes, and poor-quality media such as images and videos. Authorized companies go to great lengths to ensure that the quality of their communication is top-notch. In addition, most employ third-party digital marketing professionals that are extremely unlikely to produce work with mistakes such as these.

Personal Information Requests

Finally, and probably the most crucial aspect of phishing, is the request for personal information. Personal information includes maiden names, social security numbers, bank details, addresses, and the name of your first dog! But whatever it is, the only thing you need to know is that no official company such as your bank, insurance company, or pension planners will ever ask you for official details like these in an email[3], if at all.

Under no circumstances should you divulge any information in an email or over the phone. 

In Summary

Phishing is an effective tool of the hacker and a valuable method of extracting sensitive personal data. As such, phishing accounts for around a third of cybercrime. Phishing is primarily performed via email communication (but there are other methods), where a malicious individual pretends to be someone from a genuine company, such as a bank, and requests personal data.

However, as sophisticated as some phishers are, there are telltale signs that something is wrong. You should always hover over any links to check for strange redirects, carefully read any senders’ domain names, and check the quality of the email’s content.