Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
What Is a Phishing Email?
A phishing email is a scam delivered by email. A hacker crafts an email that looks like it’s coming from a genuine source, like the support department at Google or Facebook. However, unlike real support emails, it requests sensitive data the actual company would never ask for, such as your login and password or your security questions.
Sometimes, such scam emails work in tandem with fake websites. Instead of asking for your data, they give you a link to a website that looks like the real thing. When you enter your login data, the fake website might even direct you to your actual account, but the hacker will already have stolen your information.
How to Recognize Phishing
Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:
- say they’ve noticed some suspicious activity or log-in attempts
- claim there’s a problem with your account or your payment information
- say you must confirm some personal information
- include a fake invoice
- want you to click on a link to make a payment
- say you’re eligible to register for a government refund
- offer a coupon for free stuff
How Do You Spot A Phishing Email?
Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. Check for the following signs of phishing every time you open an email or text:
It’s Poorly Written
Even the biggest companies sometimes make minor errors in their communications. Phishing messages, however, often contain grammatical errors, spelling mistakes, and other blatant errors that major corporations wouldn’t make. If you see multiple, glaring grammatical errors in an email or text that asks for your personal information, you might be a target of a phishing scam.
The Logo Doesn’t Look Right
To enhance their credibility, phishing scammers often steal the logos of the companies they’re impersonating. In many cases, however, they don’t copy corporate logos correctly. The logo in a phishing email or text might have the wrong aspect ratio or low resolution. If you have to squint to make out the logo in a message, the chances are that it’s phishing.
The URL Doesn’t Match
Phishing always centers around links that you’re supposed to click. Here are a few ways to check whether a link someone sent you is legitimate:
- Hover over the link in the email to display a preview of its URL. Phishing URLs often contain misspellings, which is a common sign of phishing. If the URL looks suspicious, don’t interact with it and delete the message altogether.
- Right-click the link, copy it, and paste the URL into a word processor. This will allow you to examine the link thoroughly for grammatical or spelling errors without being directed to the potentially malicious webpage.
- Check the URL of a link on mobile devices by pressing and holding it with your finger.
If the URL you discover doesn’t match up with the entity that supposedly sent you the message, you probably received a phishing email.
Check The Domain
Legitimate companies have their own domains. For example, Abijita Foundation will never write to you from “[email protected].” Of course, scammers might try to trick you by using domains that are close enough to the real one, like “[email protected].”
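The two checks described under "The URL Doesn't Match" and "Check The Domain" can be automated; the following Python sketch is an added example, not part of the original article. The `TRUSTED` set, the 0.8 similarity threshold, the helper names and the sample HTML are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example.com"}  # assumption: domains the recipient really deals with
DOMAIN_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}")

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered(host):  # assumption: last two labels stand in for a Public Suffix List lookup
    return ".".join(host.lower().split(".")[-2:])

def check_link(href, text):
    """Return findings for one link; an empty list means nothing was flagged."""
    try:
        target = registered(urlsplit(href).hostname or "")
    except ValueError:
        return ["unparseable URL"]
    match = DOMAIN_RE.search(text.lower())
    shown = registered(match.group()) if match else ""
    # "Hover" check: the domain displayed to the reader differs from the real target.
    findings = ([f"text shows {shown} but link goes to {target}"]
                if shown and target and shown != target else [])
    # Lookalike check: an untrusted domain spelled almost like a trusted one.
    findings += [f"{target} resembles {good}" for good in sorted(TRUSTED)
                 if target not in TRUSTED and SequenceMatcher(None, target, good).ratio() >= 0.8]
    return findings

def scan(html):  # map each href in an HTML body to its findings
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text) for href, text in collector.links}

# Constructed sample body; example.com and .test are reserved names.
SAMPLE = ('<a href="https://example.com/account">https://example.com/account</a>'
          '<a href="https://examp1e.com/login">Sign in</a>'
          '<a href="https://example.com.verify.evil.test/">www.example.com</a>')
print(scan(SAMPLE))
```

The third sample link shows why the comparison uses the end of the hostname: the trusted name appears at the front, but the link actually belongs to a different domain.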
Beware Of Information Requests
Legitimate companies do not ask you for your login information, security questions, or other such information. None of these are needed for the company to manipulate your account – they have the backend tools for that.
What To Do If You Responded To A Phishing Email
If you think a scammer has your information, like your Social Security, credit card, or bank account number, go to IdentityTheft.gov. There you’ll see the specific steps to take based on the information that you lost.
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software. Then run a scan.
How To Report Phishing
If you got a phishing email or text message, report it. The information you give can help fight the scammers.
Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at [email protected]. If you got a phishing text message, forward it to SPAM (7726).
Step 2. Report the phishing attack to the FTC at ftc.gov/complaint.
Bijay Pokharel