You’ve seen it. Those pesky phishing and scam emails, calls, and texts we get every now and then. We’ve all been subjected to them at one point or another. Sometimes they are easy to spot, and we report or simply block them from our inbox. However, phishing has become more sophisticated over the years. What were once easy-to-detect spam messages now have us second-guessing whether the message is real, sometimes making us respond in a panic. So how do we avoid those troublesome emails that, despite all we do, just keep coming back?
What is Phishing?
First, let’s define what phishing is. According to Merriam-Webster, phishing is the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly.
Oftentimes these emails are disguised as coming from reputable companies, such as Amazon or Netflix. This gives the illusion that the messages are real and tempts us to click on links or share information that we shouldn’t have in the first place. These messages will often talk about your account being compromised or thank you for a purchase you didn’t order. Then, they’ll guide you to a link that says something along the lines of “if this wasn’t you, click here.” Of course, clicking that link would be a big mistake. You’ll either be directed to a page where they ask for very personal account information, or you’ll receive what is commonly known as a ‘Trojan Virus.’ These Trojan Viruses download malware when you click a certain link. Before you’ve even realized it has happened, the malware is installed and can cause issues with your computer and corrupt your data.
It all sounds scary – and it is! But the good news is, once you know how to identify a scam email or message, you can quickly and confidently block and report anything fishy that comes your way.
How to Identify a Scam
OK, so we know what phishing and scams are. Now let’s take a look at an example.
In this example, Netflix is asking us to update our payment information. At first glance it looks trustworthy; it even has Netflix branding! But there are a couple of red flags we can spot, and some extra steps we can take to protect our data.
1. Review the Content Before Clicking Any Links
Even though it looks official, that doesn’t always mean it is. After all, it’s really easy to pull a logo or other basic information from the internet. The first step you should take is to look at the content of the email.
At first the content seems innocent, but bigger companies like Netflix will address you by name or use other personal information that is related to your account. In this example, they don’t state your name or offer a greeting. Remember: if you’ve created an account with a company or signed up for a subscription-based plan, they’ll have your name on file and will normally address you by name in their emails.
Another red flag to look for is unusual grammatical errors or run-on sentences. Sure, we all make mistakes from time to time, but the more mistakes we find in a text or email, the more likely it is a scam. The most obvious tell in this email is the send-off: “Your friend at netflix.” See anything wrong there? The first is the word ‘friend’ – since Netflix is an entity, the proper word to use would be ‘friends.’ You can also tell that the “d” in friend is not in the same font as the rest of the text. This is another tell that this could be spam. The other issue with this send-off is that “Netflix” is not capitalized.
2. Check the Email Address
Another factor to look at is the email address. A lot of the time this will be the biggest red flag in determining a phishing scam. Other times though, it can be a little trickier to tell.
In this email, you can see in the top left corner that it uses an extremely long and odd email address. This is a very clear sign that this was not sent by an official Netflix account, and is just someone hoping that you won’t notice.
3. Don’t Click Any Suspicious Links
People put links in emails all the time, so why should this email in particular be a concern? For one, many companies like Netflix will not ask you to update payment info through their emails, but rather ask that you head to their website directly, log in, and update your information securely. Also, scammers will attempt to gain access to card or personal information directly. Clicking on any link that asks you to update payment or personal information can be a risk.
When in doubt, always exit out of the email and head to the website directly (in this case, Netflix). Log in to the website, and if your payment information does in fact need to be updated, your account will let you know. Only here should you update your information. Don’t do it through a random link sent to you via email or other method.
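The sender-address and link checks from steps 2 and 3 can also be done by a script. This is an added example, not part of the original article; the sample message, the `red_flags` helper, and the use of `netflix.com` as the expected domain are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email shown in the article).
SAMPLE = """\
From: Netflix <billing-update-8841@mail-secure.example>
To: you@example.org
Subject: Update your payment information
Content-Type: text/html; charset="utf-8"

<p>We could not process your payment.</p>
<p><a href="http://netflix.com.account-verify.example/pay">Update payment</a></p>
<p><a href="https://help.netflix.com/">Help Center</a></p>
<p>Your friend at netflix</p>
"""

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link in the body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    # True only for the domain itself or a real subdomain of it.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw, brand, brand_domain):
    msg = message_from_string(raw)
    flags = []
    # Step 2: the display name claims the brand, but the address is elsewhere.
    name, addr = parseaddr(msg.get("From", ""))
    if brand.lower() in name.lower() and not in_domain(addr.rpartition("@")[2], brand_domain):
        flags.append(f"sender {addr} is not at {brand_domain}")
    # Step 3: links whose real destination is not the brand's own site.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlparse(href).hostname
        if not in_domain(host, brand_domain):
            flags.append(f"link goes to {host}, not {brand_domain}")
    return flags
```

A clean result does not prove a message is genuine, since the From line can be forged; going to the website directly is still the safe path.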
Now let’s take a look at another example.
In this email, it looks like someone has received an urgent request from a trusted friend/colleague. This is called spear phishing. Spear phishing is a more specific way that hackers attempt to steal information. It involves pretending to be someone you know, and eliciting an urgent response that normally requires sending payment or personal information, such as a phone number or address.
This type of phishing has increased over the years, and most likely you have dealt with it at one point or another (think of the messages you received from the “Bishop” or your “Pastor” asking you to confirm a phone number or send money in a cryptic email or text). But not to worry, these can be spotted just the same!
1. Check the Email Address
Just as with the emails you receive from companies like Netflix or Amazon, check the email address of anyone claiming to be someone you know. Oftentimes these will be very unusual, long addresses that make no sense. If so, then report and block the email. Even if the email seems legit and is from an address you’re familiar with, don’t engage until you are sure. If it does not seem like something that they would send you, ignore it and report it.
2. Contact the Person Directly
Unsure if the email or text is real or not? Contact the person directly by a different means. If they emailed you, give them a call or send a text and verify if that’s what they sent. Received a weird text from a person claiming to be your friend? Send an email to them, or call them on an already saved number. Most of the time, the answer will be that they did not send it. If that’s the case, you can take a deep breath knowing you saved yourself some trouble.
Stay Vigilant and Stay Informed
These are just some basic steps you can take to avoid phishing, but the important thing to remember is that phishing is an ever-changing form of online attack. Soon, there will be other methods that people use to try to get your data. Just remember to always double-check anything shady, and to stay informed about the different types of scams and how you can look out for them.
Below are some resources and articles you can read to help protect yourself from future scams. And remember: the Bishop and the diocesan office will not send you cryptic texts or emails asking you to confirm personal information. When in doubt, call the office and verify with our staff if you received a message from us.
This article was written by Zach Phillips, Communications Director for The Diocese of West Missouri.