Don’t Take the Bait In a Phishing Scam
Have you ever received an alarming email from a bank you don’t patronize, informing you that something is wrong and that you should click a link to find out more? Or one that asks you to open an attachment and view the provided statement? Ever found an email waiting in your inbox from PayPal or Facebook notifying you that your account has been compromised and that you must click the link to reactivate? Maybe you’ve received invoice from a company you’ve never heard of, and open an attachment that sets off your antivirus software?
These emails, known as phishing scams, are both alarming and potentially dangerous to your computer and your business. It’s important to learn to spot one immediately, before you give away secure information or find your computer flooded with malicious software. Phishing emails, designed to lure you in to take the bait, can be tough to spot.
Why the scam?
Email scams are designed to alarm and trick you into taking one of two actions that ultimately release secure info into the hands of a scammer. An email that appears to be from a familiar company will try to alarm or confuse you into clicking a link requesting private information, or get you to open a file that releases spyware on your computer.
Common examples of the link-clicking scam involve emails that claim to be from PayPal, Gmail, a bank, or a very convincing utility bill. Clicking the provided link takes you to a false but official-looking website. The website requests that you input private information such as username, password, email address, financial or credit card data, security information and other private details. This information is stored by the spoof website for data theft or intrusion into your account.
Another form of phishing scam sends you a file to open under the guise of an invoice or receipt, which may be a .zip file, .exe file, or .pdf file. Opening the file releases malware onto your computer to gather secure information or opens a gateway for a serious malware infection. At its worst, the software could allow the scammer to control files and hold your computer’s contents hostage for a fee.
A specific form of phishing, known as spear phishing, targets a user by name or using a business or individual name that is familiar. This scam is particularly nefarious for businesses, since the scammer may request sensitive company data while posing as an employee.
How to spot a scam
Some phishing scams are obvious. An email may come from a bank or company with which you aren’t affiliated. It may be from an email address for someone who does not exist, the language in the email may look suspicious or you may get the sense the writer is not an anglophone. Garbled, nonsensical emails and typos are another sign to be suspicious.
Other emails are more sophisticated and you have to look hard to spot the scam. A PayPal or Facebook email may be designed to look like an official message, with similar images and language. The energy company statement may look very straightforward, as you would expect an energy statement to look. The court order from Illinois might look extremely convincing and potentially frightening.
Avoid taking the bait
If you find an obvious scam in your inbox, it’s safe to delete the email. Just looking at the message isn’t going to hurt your computer or release any sensitive information. You might consider contacting the company or person in question and informing them that a scam is taking place in their name so they can take steps to fix the issue.
If you receive an email that makes you hesitate because you are not sure, there are a few steps to take. First, do not click the link or open the attachment. Don’t react by impulse or alarm. Instead, look closely at the email. Many big companies will address you by name since they have your name on file. If you see “Dear User” or another generic header, it’s possible the email is a scam. If the email just doesn’t look right, there are misspellings and typos, or other cues that something is amiss, you may have received a scam email. You can also hover your mouse over the link provided to see the full web address, or look at the email address the email was sent from. If either of these seem inconsistent or strange, the email may very well be a scam.
What to do?
If you suspect the email might be a scam but you’re not sure, you have a few options. If the email is directing you to an account that it claims has been restricted, go to your web browser and log into the account to check. Do not click the provided link because it may not send you to the true site but to a spoof site designed to gather your data. If the email claims to be from a business or individual and you did not expect an email, or you have a reason to be suspicious of the email, contact the company or person and ask. Pick up the phone and confirm that the other party did indeed send the email.
Recovering from a scam can be complicated, depending on the nature of the scam. It may involve changing your account passwords, contacting the company for further instructions or getting malware cleaned out of your computer. Learning to spot and avoid a phishing scam is the better option. As insidious as some of the email scams are, and as tricky as they can be to spot, it’s important to learn how to identify and avoid a phishing scam.
This article was written for Surplus Today.