It has become almost impossible to distinguish a real email from a fake one that claims to come from a well-known company, especially one that you are probably a customer or member of, because the design, logo and name look so real. But knowing which emails are genuine and which are phishing emails is essential, and can save you money and problems in the future.
Let’s jump right in and look at some examples of fake emails:
In this example, overall, it looks like a regular Netflix email. It even uses the company's name and logo. It mentions a billing issue and invites you to click on a link to update your payment information. So far, everything looks fine. But if you look closely, you can see a generic greeting: “Hello my dear.” This is not how a business typically addresses you. Your mother, maybe.
In this example, PayPal appears to have identified a security issue in your account and prompts you to review it by clicking on a login link, which asks you to enter your login information. But if you take a closer look at the sender’s address (at the top of the email), you can see that it does not end in @paypal, but uses an incorrect version of PayPal and ends in @outlook, which is a public email service.
Not all phishing messages direct you to a phishing site. In the example above, you can see that it urges you to call an 800 number. Apart from the fact that the sender’s address suffers from similar problems as in the previous example, we notice problems with the writing: “Malicious user may try” (illogical), “Windows” is in lower case, and there are more grammar and spelling problems. These should be a red flag that it is, in fact, a phishing email.
Sounds scary? Do not worry. Following these tips can be helpful in detecting and preventing phishing attacks.
Here are some tips to protect yourself from phishing attacks:
- Trust your instinct
When you receive an unusual email from your bank saying that your account has been abruptly closed, your initial thought will probably be that … well … it does not make sense. Try to stay calm and follow these steps.
- Check the sender’s email address
Does it look familiar? Does it end in “@amazon.com” or just include “amazon” in a random place? When you search your mailbox for this address, is there any previous communication? Does the sender use a public email service like Google? If so, it may be fake.
- Contact the real company directly
If you are not sure whether the suspicious email is genuine or not, just call or email the company. Nowadays, you can find the contact information of most companies with a quick Google search.
- Beware of alarming content
Anything that pushes you to act fast with a short deadline (such as 48 hours), asks for your financial information, offers you a reward, or just seems wrong, probably is. Of course, you may receive a legitimate message asking you to take action. For your safety, do not click on the link in the email, no matter how real it looks. Instead, visit the real site from your browser and log in from there to check your account status.
- Check for incorrect spelling or grammar
This is one of the most obvious signs of a fake email. Sometimes, it is easy to spot the mistake, like ‘Dear Facebook customer’ instead of ‘Dear Facebook customer’. So if in doubt, check the email carefully for spelling and grammatical errors.
- Beware of emails that say you won a contest you did not participate in
A common phishing scam is an email informing recipients that they have won a lottery or other prize. All they have to do is click on the link and enter their personal information online. Chances are that if you have never bought a lottery ticket or signed up to win a prize, the email is a scam.
- Beware of emails calling for you to donate
As unbelievable as it may seem, scam artists often send phishing emails inviting recipients to donate to a worthy cause after a natural disaster or other tragedy. For example, after Hurricane Katrina, the U.S. Red Cross reported more than 15 fraud sites designed to look like legitimate Red Cross appeals for relief efforts. Potential victims received phishing emails asking them to donate to the Red Cross, with links to malicious websites that stole their credit card numbers. If you would like to donate to a charity, do so by visiting its website directly.
- Beware of emails containing suspicious attachments
It would be very unusual for a legitimate organization to send you an email with an attachment, unless, of course, it’s a document you requested, like a monthly account report you signed up to receive. As always, if you receive an email that looks suspicious in any way, never click to download the attachment, as it may be malicious.
- Use security software or an application such as ZoneAlarm Extreme Security
ZoneAlarm Extreme Security includes everything you need to protect your PC and mobile device (Android or iOS) from cyber attacks, including phishing attacks, all using enterprise-class Check Point technology. Its anti-phishing feature prevents you from entering your credentials while it checks whether the potentially dangerous site or email you opened is secure or not. Only after it is considered secure can you proceed to enter your credentials.
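The sender-address checks from the tips above (does the address really end in the company's domain, does the company name only appear somewhere else, is it a public email service), as an added Python example that is not part of the original post. The brand-to-domain table, the list of public mail providers and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed mapping of brand name -> domains that brand really sends from.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "amazon": {"amazon.com"}, "netflix": {"netflix.com"}}
# Assumed short list of public (free) mail providers.
PUBLIC_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


def domain_matches(domain, official):
    """True only if domain is an official domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in official)


def check_sender(from_header):
    """Return a list of warning strings for one From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable sender address"]
    local, domain = address.lower().rsplit("@", 1)
    warnings = []
    if domain in PUBLIC_MAIL:
        warnings.append(f"sent from public mail service {domain}")
    for brand, official in BRAND_DOMAINS.items():
        if domain_matches(domain, official):
            continue  # address genuinely ends in the brand's own domain
        if brand in display.lower():
            warnings.append(f"display name claims {brand}, domain is {domain}")
        if brand in local:
            warnings.append(f"'{brand}' appears before the @, not in the domain")
        if brand in domain:
            warnings.append(f"'{brand}' appears in {domain}, which is not an official domain")
    return warnings


# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "PayPal <service@paypal.com>",
    "PayPal Security <paypa1-support@outlook.com>",
    "Amazon <orders@amazon.com.billing-check.example>",
    "amazon-refunds@gmail.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```

An empty result only means the visible address is consistent with the company's domain; the From header itself can be forged, so the other tips still apply.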
In conclusion, to avoid phishing, you must first become familiar with the major forms of phishing messages. This post has covered the most relevant areas that will help you identify phishing scams and stay safe.