You've Won $10,000,000: 10 Common Traits of a Phishing Email Scam & 10 Ways to Protect Yourself
Spot the Scams
Ever received an email claiming you've won a free iPhone or $10 million out of nowhere? Even if you recognize that these too-good-to-be-true offers are scams, phishing emails aren't always so easy to spot, especially when they look authentic at first glance. So, what are the common traits to look for, and how can you stay safe online? Here's a quick guide that'll make sure you don't fall for these malicious tricks.
1. Grammar & Spelling Errors
One of the top indicators that you've received a phishing email is a message littered with grammar and spelling mistakes. If the email is supposed to be from a reputable sender or agency, such as a business or school, then you should expect the email to be flawless. However, you should still be wary: scammers can use AI (artificial intelligence) to craft messages that seem legitimate.
2. Unknown Sender
You should immediately be suspicious if you don't know the sender at all and were not expecting an email from them. Even senders that claim to be from a legitimate organization shouldn't be automatically trusted: scammers may create email addresses that look believable but aren't. Take, for example, microsoft.com versus rnicrosoft.com, where the letters "r" and "n" together imitate an "m".
3. Asking for Personal Information
Phishing emails typically try to exploit the person the message is sent to, which means you'll often be prompted to enter sensitive information in order to "access" something. For example, the email may claim that there was suspicious activity going on with your credit card or with your social media account, and you need to click a link and type your card number or password to fix it.
4. Sense of Urgency
Phishing emails often have a sense of haste to them. They may state your account is hacked, and you need to take immediate action, or that you've won a prize and you need to claim it right away by clicking on a link. Whenever a message adopts a threatening or urgent tone, it's most likely a scam.
5. Generic Greetings
If the email comes from a business, school, or organization you are familiar with, but it greets you generically, you should also be wary. This shouldn't raise an alarm if it's, say, a faculty-wide email sent to hundreds of employees or students, but if the rest of the message seems to be personally addressed to you yet the greeting is "Dear student," or "Dear customer," don't fall for it.
6. Suspicious Attachments
Be suspicious if an email comes from someone you don't know and also carries an attachment. While these files aren't always malicious, you should still never download them without first verifying the identity of the sender.
7. Inconsistent Links
Similarly, you should be very wary of any links that are present in the email. If you hover over them and the URL seems to direct you to somewhere else and not to where the sender says it will, that's already a red flag. Never, ever click on links in emails from suspicious or unknown senders.
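The two link checks described in traits 2 and 7 (a look-alike domain such as rnicrosoft.com, and a link whose visible URL differs from its real target), as an added Python example that is not part of the original article. The trusted-domain list, the substitution table, and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com", "paypal.com"}  # assumption: domains you really use
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # not exhaustive

def domain_of(url):
    """Registered domain; assumes it is the last two labels (no suffix list)."""
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def skeleton(domain):
    for fake, real in CONFUSABLES:  # collapse look-alike character sequences
        domain = domain.replace(fake, real)
    return domain

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    same = (t for t in sorted(TRUSTED) if skeleton(t) == skeleton(domain))
    return None if domain in TRUSTED else next(same, None)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    """Flag links whose shown URL and real target differ, and look-alike targets."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        target = domain_of(href)
        if text and " " not in text and "." in text:  # visible text is itself a URL
            if domain_of(text) != target:
                findings.append(("mismatch", domain_of(text), target))
        if lookalike_of(target):
            findings.append(("lookalike", target, lookalike_of(target)))
    return findings

SAMPLE = ('<a href="http://login.rnicrosoft.com/reset">https://www.microsoft.com/reset</a>'
          ' or <a href="https://www.paypal.com/">PayPal home</a>')  # constructed sample
```

Calling `audit(SAMPLE)` reports both a mismatch and a look-alike for the first link and nothing for the second.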
8. Too Good to Be True
Ever received an email that claimed you won the lottery, even when you never bought tickets? No matter what odd (and sometimes hilarious) stories scammers cook up, just remember this: if something sounds too good to be true, it probably is.
9. Short & Sweet
Some phishing emails are lengthy and riddled with spelling mistakes, but others can be short, to-the-point, and seemingly legitimate. Even then, you don't want to let your guard down. Some scammers may pen a short message only to attach a malicious file or link to the email.
10. Unusual Time
You should also be wary about the time an email is sent to you. If the sender claims to be from a real organization, double-check to make sure the message was sent to you during their business hours. For example, be suspicious if your "boss" or "coworker" sends you something past midnight when that never happens.
How, then, can you protect yourself from falling victim to these scams? Here are 10 tips to keep in mind to stay safe online.
1. Verify the Sender
Before you even read the content of the email, verify the sender first. Do you know them? Have you received emails from them before? Have you been in recent contact with them? Have you done anything that warrants a message from them? Asking yourself these questions and double-checking to make sure the sender is who they say they are will help you stay safe from the get-go.
2. Don't Click Any Links
Don't click on any links before you've verified the sender. And even after you've double-checked and made sure they're who they say they are, you still want to be wary of any links or attachments provided. Always hover over URLs to inspect them first, and don't download any files you weren't expecting.
3. Never Give Out Sensitive Information
No matter who the sender is, never give out your sensitive information over email. That includes your credit card number, bank account number, passport number, home address, full name, login password, and anything else that contains personally identifiable data. Legitimate organizations will always ask you to provide sensitive information over secure portals.
4. Call—Don't Email Back
When in doubt, it's better to directly call the business or organization instead of clicking on any links or emailing back. For example, if your bank claims that they've noticed suspicious activity in your account, call the number on the back of your credit card, not the number provided in the phishing email.
5. Type the URL Out Yourself
Instead of following the links in the email, type out the URL yourself on your browser. For example, if you're prompted to reset your password because of suspicious activity, open up a new tab and head to the website yourself. That way, you're protecting yourself from clicking potentially malicious links.
6. Enable Multi-Factor Authentication (MFA)
If you haven't already, make sure to enable MFA across all your accounts on platforms that offer it. This means you'll be sent a notification, either to your phone or email, to verify it's really you logging in. This makes it harder for hackers to gain access to your account, even if they know your password.
7. Stay Educated
Phishing emails are constantly changing and evolving because attackers are finding new ways to craft believable scams, especially with AI to help them. Make sure to stay educated by doing your own research and keeping yourself up-to-date with the different techniques that are being used.
8. Report Suspicious Emails
Whenever you get a suspicious email, report it. This ensures it gets flagged and won't end up back in your main inbox. This step is especially crucial if you've been getting phishing emails on your work email, as mistakenly clicking on malicious links or attachments could affect your entire organization.
9. Be Wary of Everything
It's good practice to be wary of everything that comes into your inbox. After all, even if you receive a message from a legitimate sender, you never know if their address was hacked and an attacker sent the email using their identity.
10. Trust Your Gut
Remember to always trust your gut. Even if the sender and the email seem to pass all your initial checks, if you sense that there's something off, there probably is. Get a second opinion on it and don't reply just yet or click on any links. It's better to be safe than sorry.