What is Phishing and how to avoid it
Those of us who have been using e-mail since its inception have mostly encountered at least one instance of the so-called “Nigerian Prince scam”. I remember this type of scam from the early 2000s and I was shocked to find out that the scam is still doing really well and raking in tons of money.
There are plenty of ways that fraudsters trick people, but since the early days of the internet the most prevalent type has been the phishing scam. Phishing is when a fraudster lures their victim into revealing sensitive personal or financial information. This can be achieved in a number of different ways, but the easiest method is to send the victim a text message or an e-mail and trick them into responding to it, either by gaining their trust or by preying on their instincts such as fear.
Let’s look at a couple of examples and see how we can easily identify these types of scams.
Looking at some phishing scams from the past year, it is evident that the scammers don’t care if there is an ongoing global pandemic. A case in point is this COVID-19 phishing scam:
Image courtesy: Kaspersky Labs
At first glance this email appears harmless and looks as if it was sent by the Center of Disease Control (CDC), which is a real organization in the United States, to alert you about the COVID-19 cases in your area.
Except that it is not. What are some things that you can look for in an email like this one to see that it is not legitimate?
When you receive an email, look at the email address carefully. In this case the email is originating from “cdc-gov.org” whereas the real CDC uses the domain “cdc.gov”.
If the email has any links in the body, be extremely wary of them. In this case the link appears to be pointing to a real CDC website, but if you hover over it, it is actually something different altogether.
Be extremely cautious while clicking on links received in an email. Oftentimes hovering your mouse over the link can reveal the real web address of the site you are about to visit.
The webpage that opens when you click on the link then asks you to enter your username and password for your email, which the scammer can steal and use to log in to your account later.
Always be mindful of where you are entering your username and password. Even if you click on the link from a fraudulent email, not entering your credentials can save you some trouble.
The above example is just one very specific example of a phishing email. There are countless scammers out there who are looking to steal not just your username and password but your money or your credit card information via phishing. The good news is that there are some easy ways to spot a phishing email. Use the general tips/guidelines outlined below while looking at all your emails and you should be able to identify a phishing email relatively easily.
Some of the obvious red flags include:
The email is insisting that you act immediately or there will be irreparable damage to your finances, reputation, online accounts etc.
The most common tactic used by the scammers is that they play on our fears. If you receive an email that is asking for some immediate action, you can almost be certain that the email is not legitimate.
As a general rule, no government body (IRS, CDC, Income Tax Department, Mumbai Police etc.) will contact you via e-mail and expect an immediate response. There will always be traditional mail communication sent out. You will likely be well within your legal rights to defend yourself if you fail to respond to a communication sent with a stringent timeline. The key is to not be startled by such threats and take proper steps to avoid unnecessary damage.
The e-mail includes any link that points to some unfamiliar website or points to a familiar website with wrong spelling or domain name
As a rule of thumb, you should examine the email thoroughly before clicking on any links contained in the email. Look specifically for misspelled words or weird-looking domains (e.g. cdc-gov.org instead of cdc.gov).
Email requesting that you enter your personal, financial or medical information
Be extremely careful while entering your financial, personal or medical information online. You should be alarmed if a random email is asking you to share such information.
Directs you to download some software or open a file attached to the email
It is almost never a good idea to install random software on your computer sent by some stranger on the internet. Doing so is nothing but asking for trouble. Only download email attachments if you trust the sender.
These really simple general guidelines should keep you away from most of the phishing emails on the internet. It is always better to be safe than sorry when dealing with these types of scams. In cases like these, always remember to be vigilant and never make any hasty decisions.
That’s all for this one, do check out the other posts for more related content. If you found this post helpful then please share it with friends, family members and help them be safe on the internet.