Phishing Email Scams: How to Not Fall Victim

When it comes to phishing email scams, a wolf in a sheep’s clothing is still … well, a wolf. What comes to mind when you think of this metaphor? For us, it’s the numerous scammers who attempt to access your information by masquerading as legitimate email or business messaging.

Phishing is one of the most common forms of social engineering (fraud that involves hacking people to obtain information), and about 96% of social engineering is done through phishing emails. You may have noticed that October was Cybersecurity Awareness Month, but cyber frauds occur throughout the year. Here are some tips to help you avoid falling victim to a phishing email scam.

A general rule of thumb would be to never click on links, but we know it’s not always that easy. Here are a few ways to tell if something might be “phishy” about an email link:

• Something is misspelled in the link to a website or brand. Cyber scammers aren’t the BEST spellers, and fortunately, it’s easy to spot if you know where to look.
• The brand name may be legitimate, but check the domain to verify its authenticity. You should also be wary if the brand name is in the email address or URL, but it doesn’t match the domain.
• Overly long OR overly short URLs. URLs that contain 100 or more characters, for example, are attempts at obscuring the true domain and/or linking to a completely different website at the end.

If you’re still unsure, you can always do your own research to find the legitimate website. You can also hover your mouse over links in the email to see if they will lead you to an unexpected website. Just don’t click!

Grammatical errors are a clear giveaway. Legitimate emails are professionally written and usually checked for typos or structural errors. Even if it looks clean, compare the consistency with previous emails you’ve received from the company. Pay close attention to how they address you as well. If they say “Dear Little Red Riding Hood,” they’re clearly a wolf in disguise! A scammer may address you as a valued customer, while a legit company or coworker will use your name or a simpler greeting such as “hello.”

A scammer is going to put ALL the pressure on you in an attempt to create panic and get you to do what they want. Language that invokes urgency, like “failure to do so in 24 hours will lead to account suspension” or “Immediate action required/it is vital that you follow these directions or else…” is less likely to be used by legitimate companies. These scams can also claim that you’ve already been hacked, or your information is at risk, and give you instructions to “protect” yourself. But beware – this is just a disguise to confirm your personal information and a telltale sign of an imposter and a phishing email scam. Another form of urgency can appear in the subject line. An alarming subject line will get you to act fast – before you even have time to think or outrun the predator.

Here are a few extra things you can look for in a phishing attempt:

• To, From, and Reply lines – are there people you don’t know included in the email? Can you verify the email addresses? Do the From and Return addresses match? Scammers are most believable when impersonating someone you trust, like your company’s payroll. But watch out!
• Don’t go on a date with the wolf! Check the date and time stamp of the email to ensure it wasn’t sent at an unusual time or outside of normal hours.
• You should even be cautious about personalized emails. This is one of the ways “phishing” emails have gotten trickier, and it’s called spear phishing. Remember – every piece of public information is also accessible to bad people, and they can use it against you.
• Don’t click on downloads or attachments unless you’re expecting them. Even if it’s to avoid “negative consequences.”

If all of this is a little overwhelming (because it absolutely can be!), check out the infographic below for a list of example scenarios to look for in phishing attempts.

Arm yourself with the information to protect against cyberattack attempts delivered to your email. Be on the lookout; it’s okay to be skeptical. Run through this checklist to avoid falling victim to email phishing scams.

Want more resources on cybersecurity and information safety? Visit Moneytree’s Staying Secure Page.