Let's start off by defining what a phishing email is.
Phishing emails are usually disguised as legitimate emails from reputable companies, such as banks or credit card companies. The purpose of these emails (that look very much like official communications from the company in question) is to get people to supply sensitive information such as usernames, passwords, credit card numbers, social security numbers, etc.
The goal of a phishing scam is usually to collect sensitive information by targeting a large number of people, with the intent of scamming them.
How to identify a phishing email
There have been many phishing scams perpetrated over the years. In many cases, the trick used by scammers is to use a very convincing email that looks very much like something from the company that the email is claiming to be from. Usually, a phishing email will contain a link to a website, different from the legitimate website of the real company. The email will instruct the recipient to click on the link and go to that website.
On the website, the recipient is asked to supply sensitive information, under the pretense that they will log in to the platform, unlock features or register for contests.
Here are some clues that can help to identify a phishing email:
1. The sender's email address is not from the company that the email claims to be from
Check the sender's email address. If you spot any discrepancy between it and the address you would usually expect communication from, treat the message with caution.
2. The email does not contain a company logo
This is not always the case, but an email that is missing essential assets, such as the company logo, should normally be treated with suspicion.
3. The email looks like it was sent by a person
If you spot a message that looks very much like it was sent by a person (a person's name, rather than a company name), the email should be treated with caution.
4. The email does not contain a valid contact number
If the email you received did not contain a valid contact number, it is likely that the email was sent by a person and not by the company.
5. The email contains a link that takes you to a website that is not trustworthy
A website that does not look like the company’s real website should be considered potentially dangerous.
6. The email is not well-written, contains poor grammar or bad spelling
An email that contains spelling mistakes, bad grammar or a badly-written message should not be trusted.
7. The email is addressed to a large number of people, but the email does not appear to be sent to a mailing list
If the email is delivered to an unusually large number of recipients without being sent to a mailing list (and it is not a template and/or test sent to a list of employees), then the message should be considered a phishing email.
8. The email has attachments
For example, the email might contain a zip file attachment that is disguised as a PDF file. The file might be disguised as anything, such as a picture or clip art. A common scam uses a picture of a check or a scanned copy of a check.
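Clues 1, 5 and 8 above (sender address, link target and disguised attachment) can also be checked mechanically by a mail filter or an analyst. The Python below is an added example, not part of the original article; the sample message, its domains (all under the reserved .test name) and the function names are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

ZIP_MAGIC, PDF_MAGIC = b"PK\x03\x04", b"%PDF-"

def _in_domain(host, domain):
    """True if host is the company's domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_clues(raw, expected_domain):
    """Return the clues (1, 5 and 8 from the list above) that a raw message trips."""
    msg = message_from_bytes(raw, policy=policy.default)
    clues = []
    # Clue 1: the sender's address is not from the company the email claims to be from.
    _, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2]
    if not _in_domain(sender_domain, expected_domain):
        clues.append(f"sender domain {sender_domain!r} is not {expected_domain!r}")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Clue 8: the attachment's content does not match its .pdf extension.
            data = part.get_payload(decode=True) or b""
            if name.lower().endswith(".pdf") and not data.startswith(PDF_MAGIC):
                kind = "zip archive" if data.startswith(ZIP_MAGIC) else "unknown type"
                clues.append(f"attachment {name!r} is a {kind}, not a PDF")
        elif part.get_content_type() == "text/html":
            # Clue 5: a link leads somewhere other than the company's real website.
            for url in re.findall(r'href=["\'](https?://[^"\']+)', part.get_content(), re.I):
                host = urlparse(url).hostname
                if not _in_domain(host, expected_domain):
                    clues.append(f"link points to {host!r}")
    return clues

def build_sample():
    """Constructed sample message; every name and domain in it is made up."""
    m = EmailMessage()
    m["From"] = "Example Bank <support@example-bank.secure-login.test>"
    m["Subject"] = "Verify your account"
    m.set_content("Please verify your account.")
    m.add_alternative('<a href="http://examplebank.login.test/verify">examplebank.test</a>', subtype="html")
    m.add_attachment(ZIP_MAGIC + b"\x00" * 16, maintype="application", subtype="pdf", filename="statement.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print("\n".join(phishing_clues(build_sample(), "examplebank.test")))
```

A message that trips none of these checks is not thereby safe; the remaining clues in the list still need a human reader.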
Types of phishing emails
1. CEO Fraud
When it comes to business emails, the most common occurrence of a phishing email is the one known as CEO fraud. In this case, someone will send an email to a low-level employee claiming to be the CEO of the company or some other high-level manager or executive, depending on the company structure. The email will ask the employee to transfer money to a specific fake account.
2. Bank Phishing
In bank phishing scams, a victim is sent an email from a fake bank account. The email requests the victim’s password for the bank account. If the victim supplies the requested information, the scammer can use the information to access the victim’s real bank account.
3. Lottery Winner Scams
In a lottery winner scam, a victim is sent an email from the “lottery commission.” They are told they’ve won a large sum of money. The only problem is that the victim has to send a “fee” to collect the money. The fee, of course, is for the “lottery commission” to collect.
4. Gift Card Scams
In gift card scams, a victim is sent an email that appears to be from a retailer or bank. The email claims that the victim has won a gift card. The victim is informed that to receive the gift card, they must supply their credit card information. Once the victim supplies the information, the scammer can use it to make unauthorized purchases.
5. Tech Support Scams
In a tech support scam, a victim is sent an email claiming to be from a tech support department for a popular company. The email claims that the user has a virus on their computer and that the user needs to download and install a program that the “tech support” person claims will fix the problem. The email then provides a link for the user to download the program.
The problem is that the program is really malware that will infect the user’s computer.
6. Check Scams
In a check scam, a victim is sent an email that appears to be from a bank or other financial institution. The email informs the victim that they have a check waiting to be picked up at the bank or other financial institution. The email contains a link to a website that has a form that requests the victim’s personal information. Once the victim enters the information, they are asked to print the form and go to their bank or financial institution to pick up the check. But the check is fake, and the victim is out the money that they sent to the scammer.
7. Phishing for passwords
In a phishing-for-passwords scam, a victim is sent an email from a trusted source, such as a bank or company. The email contains a link to a fake login page that imitates the website of the trusted source. The victim is then asked to enter their username and password into the login page. Once the victim enters the information, it is sent to the scammer.
These are just a few of the many types of phishing scams that are prevalent on the internet.
Some scams will be more sophisticated than others, but it’s important to remember that a scam is always a scam.
How to handle a phishing email
In most cases, phishing emails are relatively easy to identify. However, it is important to note that not all phishing emails are easy to spot. That is why it is important to know what to do in case you receive a phishing email.
- Do not click on any links or attachments in that email.
- Do not reply to the sender or the email address that is shown in the email.
- Do not enter any sensitive information in the email or on websites linked in the email.
- Do not open any attachments in the email.
- Do not give the sender any information that is asked of you.
- Do not click on any links in the email.
If you receive a phishing email, do not respond to it and do not click on the link.
Forward the email to the company that the email claims to be from. If you do not know the company’s email address, Google it.
And, finally, don’t be afraid to report the scam to the authorities.