Online attacks have become much more sophisticated, but they’re still largely delivered in the same way they have been for roughly two decades… by email.
Phishing (or fake) emails are designed to get users to take an action that introduces a virus, ransomware, or other dangerous malware into their computer system.
90% of cyberattacks are driven by phishing emails.
See, most of the time if the email goes unopened, then the attached virus just sits there and can’t do anything. The attacker needs the user to take an action, such as opening a file attachment or clicking a link and visiting a malicious website, before the code can get injected into their computer.
This is why the phishing email has remained so popular and so dangerous. It provides a way to get in front of a user and trick them into taking one of the following actions:
Opening a file attachment that contains malware
Clicking a link to a website that can inject malware as soon as the page loads
Clicking a link to a fake sign-in form that looks like online banking or an app like Facebook and compromising their login credentials by signing in
Most users aren’t well trained or tutored in how to identify a phishing attack, so, unfortunately, they fall victim to all types of malware and the consequences, which can be everything from having their bank account details stolen to having their computer infected with adware.
In a 21-day study by the University of Florida about how people aged 18 to 89 responded to phishing, it was found that 43% of people fell for at least one phishing email. The most susceptible group was women aged 62 and older.
What is Malware?
You’ll often hear the term malware when you read about phishing or viruses. Malware is a general catchall term for all types of online threats.
The malware category includes things like:
And multiple other types of dangerous code that infect computers
Tips for Detecting a Phishing Scam
The best way to protect yourself from a phishing scam is to know how to identify phishing. It can be very tricky these days because the scammers replicate the logos and signatures of well-known companies.
However, there are some telltale signs that you can spot. One important thing is not to get caught up in the emotion of a scam email. They’ll often use fear tactics (e.g. “You must respond now or lose service!”) to get people to click without thinking.
Take the time to look carefully over any unexpected emails in your inbox or any that look out of the ordinary. Here are some things to look for.
Hover Over Links to See the REAL URL
One dead giveaway of a fake email shows up when you hover over a link with your cursor, but do NOT click. You’ll see the real URL of the link appear as a popup as you hover.
This is how you can often immediately see that a link isn’t going to the website of the company that the email is trying to spoof.
You can see in the example above that the scammers duplicated the look of an Amazon order email. They did such a good job that many users would be instantly fooled and click the link, wondering why Amazon is charging them for something they never ordered.
But hovering over the link shows that the URL is going to “bobbin-head.com”, which is definitely NOT the Amazon site. It’s a scam.
Yes, scammers will even use your real name or company name, as they did in this email to fool you.
Strange File Attachments
Phishing scams may also look like messages you’ve sent but are bouncing back. In the case above, the user did the right thing and did not open the strange file attachments that appeared on the message. Instead, they contacted their web hosting provider and asked them if their email account had been compromised (they thought perhaps a spammer was sending messages on their email account and this was a bounce-back).
The web host confirmed the message was fake; the email was not compromised. It was just designed to get them to open one of the attachments. The user promptly deleted the message.
Stay away from any strange file attachments or attachments to emails you aren’t expecting from a specific contact.
Bad Grammar & Typos
Another way to spot a phishing email is if it uses bad grammar or has typos. Sometimes these won’t be immediately identifiable, so you need to take a moment to read through a scam email carefully.
This can be difficult if you’re already responding emotionally to the purported message, so just remember to take a moment and look at an email carefully.
In the email below you can see that the word “order” is misspelled and it uses “you’re” instead of “your” at the opening of the message. It also had an address variation, which we get into in the next tip.
Slightly “Off” From Addresses
The “From” address in an email can also be a giveaway that it is a phishing scam. If it seems slightly off from what you’d expect, has a typo, or doesn’t match the company the email is supposed to be from, that’s a sign it’s a fake.
In the email above, you can see that the email purports to be from McAfee, an antivirus software maker. However, the address showing is from “allo.com.” A brief internet search shows that this is some company in Bangalore, India that has nothing to do with McAfee.
Companies can often get their web servers hacked, in which case attackers can use their email addresses to send out phishing scams. So the Allo company could either be behind the attack or may have no idea their address has been used for phishing.
Need Expert Help Honing Your Phishing Identification Skills?
CompuTara offers expert computer tutoring for New Jersey residents and everyone else via remote support. I can help you sharpen your phishing identification skills, so you’re better protected from the biggest online threats.
Schedule a computer tutoring session today! Call or text me at: 862-368-4893 or Email me here.