Stay on the lookout for these phishing red flags
Christine Ottoni • December 9, 2020
Get educated on the basics of phishing
With phishing scams becoming more commonplace every day, it’s best to brush up on major phishing red flags so you can spot a suspicious email when it lands in your inbox.
What is phishing?
Phishing is an attempt to get hold of personal, financial or otherwise sensitive information like account numbers, usernames and passwords. A successful phishing scheme will get people to volunteer information by camouflaging itself as a routine communication, often an email message, from a trusted source like a bank or a colleague.
Phishing emails and messages can have all the look and feel of a regular communication, but there are a few giveaways to look out for. Before even getting to those however, there are a couple basic rules to live by.
- Never share personal information like passwords, usernames, account numbers or work login credentials through email.
- If something ever feels phishy (as it were), chances are it is.
Common email and message phishing red flags
Asking for accounts or passwords
Phishing scams typically ask for personal information. If you ever get an email that asks you to reset your password immediately, it’s wise to avoid clicking through any links provided in the message. Bad actors will often create incredibly convincing replicas of things like a banking site in order to phish logins and passwords.
Account security can be easily confirmed through trusted channels and services directly. So, let’s say you get an email that appears to be from Twitter about your account security. The email says you must reset your password immediately and provides a link to do so.
Here’s an easy, safe way to determine if your account is secure. Open a browser window, and log in to your Twitter account as you normally would. If you get in with no issues and without receiving a security message, it may have been a phishing attempt. You can reset your password if you choose… just not by clicking on a link from an email. At least, not one you didn’t expect.
It has an urgent feel
Phishing messages will try to rattle recipients by suggesting action must be taken immediately. The messaging will make it seem like every second counts or tell you to “act now” in order to secure accounts.
If you’re concerned about time sensitivity, bypass the email itself (and never click on a link) to get in touch with the service through a prior, trusted channel. Just as the example above, it’s best to open a new browser, log in and check things out.
URLs and email addresses are off
URLs and email addresses can leave clues and signs that point to phishing scams. Check links by hovering your cursor over text to reveal actual destinations. This will be displayed in the bottom corner of your browser.
Make sure links include https:// at the beginning of the web address. The “s” in this case signifies a secure link.
Email addresses may make subtle, difficult to catch spelling errors. For instance, bad actors may use “nn” where an “m” should appear or simply switch a couple of letters around. Let’s face it, we tend to skim, especially when sorting through our digital mailboxes. Taking an extra couple seconds to confirm sources and links can make all the difference when it comes to security.
It uses fear mongering, especially using current concerns
The “bad” in “bad actors” shouldn’t be underestimated; there’s nothing that’s off-limits in their attempt to get your personal information. A tactic regularly used in phishing is utilizing something that the public is currently concerned about. In 1999, you can bet hackers with comically baggy jeans were sending out emails with “click here to protect your computer from Y2K” links. In 2020, these unscrupulous individuals are taking advantage of the COVID-19 pandemic, using tactics ranging from pretending to request donations for relief funds to offering recipients “stimulus checks.” To protect yourself, your best bet is, once again, going straight to trusted sources.
Trust no one (seriously though)
Remember, if one of your contacts gets hacked, you’re vulnerable too. Be aware that phishing emails can come from users and email addresses that look totally credible. And with the ability to convincingly imitate anyone’s voice and even create believable videos of someone through deepfakes, it’s becoming increasingly difficult to quickly catch a scam. You can always confirm odd-looking messages with the sender through another channel like a good old-fashioned phone call. They’ll thank you for it in the long run.
Looking for more security-related tips and tricks?
We’ve covered our fair share of security tips here on the Ting Blog, including how to keep your data safe on free Wi-Fi, how to opt-out of Facebook Messenger accessing your contacts and even how to flag unwanted spam and scam calls. Looking for a strong password generator? Let us recommend a couple and give you some tips on updating your old passwords.