Phishing Scams: How to Spot Suspicious Emails
By the end of 2020, the U.S. had 2.2 million fraud reports. Fraud losses totaled $3.3 billion. And 15% of the fraud was through email.1 We give our email addresses online, in stores and over the phone. By doing so, we could be making ourselves vulnerable to fraud and identity theft. Email providers have spam filters in place, but good phishing emails can be difficult to identify. Meaning, those pesky phishing emails may still find their way to your inbox. Keep reading to learn what phishing is and how to avoid the scams.
What is phishing?
Those suspicious emails are called phishing (pronounced fishing). Phishing is when a person or group tries to steal your financial or personal info through “social engineering techniques.” These include emails, vhishing (voice/phone call phishing), smishing (instant message or text phishing), social media campaigns or even in-person visits.2 Phishing emails look like they’re from a company you know or trust, and usually have a convincing tale to trick you into opening a link or attachment. What’s in it for them? They want your personal information to get access to your email, bank and other accounts.
Per the Federal Trade Commission, fake stories could include:3
- Claims of suspicious account activity or login attempts
- Problems with payment or account info
- Demands for you to confirm personal info
- Fraudulent invoices/bills
- Eligibility to register for government funds
- Coupons or claims for free stuff
The phishing game is strong
We’re all at risk of falling for the lure especially with phishers getting smarter and more daring with their tactics. With easy access to your phone, there isn’t much we can’t or don’t do online. And with the pandemic aftermath, government tax credits and stimulus checks, unemployment claims and more, cyber fraudsters have plenty to work with.
According to a 2021 Verizon report:4
- Quarantine has helped amp up phishing frequency
- Phishing is the top action in various data breaches
- Phishing is present in 36% of breaches
- This is an increase from 25% in 2020
What are some common phishing scams?
Phishing scams can be nerve-racking. But by becoming familiar with common scams, like fraudulent hyperlinks, you could avoid becoming a victim.
Ron Shuck, Senior VP Chief Information Security Officer at CURO Financial Technologies Corp (the holding company for Speedy Cash) shared,
“Instead of clicking on a link to view information about package delivery, type in the address for the UPS site or Google it, and go from there. Scammers will create links that look like the real deal with a subtle difference (e.g. www.speeedycash.com instead of www.speedycash.com). Notice the extra “e.” These fake sites will look like the real site, but their purpose is to steal your information.”
Most common phishing scams:
- Tech support scams: False claims about your account trick you into revealing your information
- Infected attachments: Downloading documents or .HTML links to hack into files
- Social media: False info through messaging on social media platforms (think: Facebook, IG or LinkedIn) to get login credentials
- CEO Fraud: Emails from your so-called boss/CEO requesting wire transfers or other forms of payment, particularly to overseas destinations
How to prevent phishing
You can spot many phishing red flags before it’s too late. If something seems fishy, like a harsh demand to open an attachment, it probably is.
Shuck suggests,
“The best protection is to avoid opening attachments unless you were specifically expecting one.” He added, “It is important to remember these tricksters will replicate emails or even websites for legitimate companies to try and trick you.”
Most common phishing red flags:
- Obvious misspellings in bodies of text or web links
- Accounts urgently needing updated banking or personal secure info, like date of birth, Social Security Number, or account password
- Unbelievable offers/winnings, like a trip to the Bahamas you never entered
- Emails from a personal account, not the domain of your trusted provider
- Threating emails of false debt-collection claims (i.e. fictitious case number, threatens legal action, etc.)
- Emails asking for advanced payment or pre-payment
- Emails requesting funds loaded to a prepaid card, gift cards or wire transfer
Unsure if you’re the phish?
Obviously, not every email is going to be a scam. But it’s better to be cautious than the catch. Here are some things to think about when someone or something wants your info.
Make sure you verify:
- Confirm the person or provider is who they say they are
- If you feel the email or claimed info is false, do not provide your personal info
- Call or email the valid business’ contact info (not what’s listed in the suspected email) and verify claim
- If the legit business tells you it’s false, report the email or other social interaction as a phishing scam
How to report phishing emails and texts
It’s very important to report a phishing email, text or other contact. Provide your experience and help combat those nasty fraudsters!
- Forward your phishing email to the Anti-Phishing Working Group at reportphishing@apwg.org
- Forward you phishing text message to SPAM (7726)
- Report the phishing attack to the Federal Trade Commission at ReportFraud.ftc.gov
No phishing area
Phishing scams are a preferred way to slyly get your financial and sensitive info. Be extra cautious of personal info requests and suspicious downloads. And watch for misspellings, demanding requests and skeptical winnings claims to avoid being caught in a phishing trap.
Sources:
- Staff. (2021, February). Federal Trade Commission. Consumer Sentinel Network. Data Book 2020. Retrieved from: https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2020/csn_annual_data_book_2020.pdf ↩︎
- Staff. (n.d.). Report Phishing Sites. Retrieved from: https://us-cert.cisa.gov/report-phishing ↩︎
- Staff. (2019, May). How To Recognize and Avoid Phishing Scams. Retrieved from: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams ↩︎
- Staff. (2021). Data Breach Investigations Report. Results and Analysis. Retrieved from: https://www.verizon.com/business/resources/reports/dbir/2021/results-and-analysis/ ↩︎