10 Ways to spot a phishing attempt
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Phishing attacks are becoming more and more common, and they’re only getting more sophisticated. While there are a variety of ways to defend yourself against phishing attacks, one of the best methods is simply to be able to spot them. With that in mind, here are 10 common signs that an email or other communication may be a phishing attempt.
Calls from an unknown number
If you get a call from an unknown number, and the caller claims to be from your bank or another organization, be very careful. This is a classic phishing tactic.
The caller will try to obtain personal information from you, such as your credit card number or Social Security number. They might also try to get you to click on a link that will install malware on your computer.
Don’t give out any personal information to someone who calls you out of the blue. And if they try to get you to click on a link, don’t do it. Hang up and call the organization they claimed to be from using a number you know to be legitimate (e.g., the number on the back of your credit card or from the organization’s website).
What’s more, consider doing a reverse phone lookup on them to see where the number is actually originating from.
The message is not personalized
If you receive an email that doesn’t address you by name or refers to you as “Dear User” or “Dear Valued Customer,” be wary. Phishing emails often use generic greetings in an attempt to seem more widespread – and less suspicious – than they actually are.
That’s because they are usually sent out en masse as part of a massive automated campaign. Phishers usually just have a list of email addresses and the idea isn’t to find out the name of the person it belongs to or do any kind of in-depth personalization, but to get as many people as possible to click on the links in their message.
The sender’s email address doesn’t match the organization they’re claiming to represent
This is a pretty straightforward way to spot a phishing attempt. If you get an email purporting to be from your bank, but the email address it comes from is something like [email protected], then it’s pretty clear that something is not right.
Organizations won’t send out official communications from a Gmail or Hotmail address. They will always use their own domain name (e.g., WellsFargo.com, PayPal.com). So, if the email you receive is coming from anything other than an organization’s official domain, it’s a huge red flag.
There are grammatical errors or typos in the email
If you receive an email that is full of grammatical errors, typos, or just generally seems to be poorly written, it’s a good indicator that it’s a phishing email.
Phishers often send out their emails quickly and without much care or attention to detail. So if an email looks like it was dashed off in a hurry, with no regard for proper spelling or grammar, it’s probably a phishing email.
Phishing scams also originate overseas, and the architects of these scams aren’t native English speakers. So another giveaway that an email might be a phishing attempt is if it contains poor grammar or strange phrasing.
The message is urgent or includes a sense of urgency
Phishers often try to create a sense of urgency in their emails in order to get people to act quickly without thinking. They might say that your account is about to be closed, or that you need to take action immediately to prevent some kind of negative consequence.
Of course, none of this is true. Phishers just want to create a sense of urgency so that you’ll click on their links without thinking. So, if an email includes language that tries to create a sense of urgency, be wary.
The email contains attachments that you weren’t expecting
If you receive an email with an attachment that you weren’t expecting, be very careful before opening it. This is another common phishing tactic.
The phisher will send you an email with an attachment that appears to be benign, such as a PDF document or an image. But when you open the attachment, it will install malware on your computer.
If you weren’t expecting an email with an attachment, be very careful before opening it. If you don’t know the sender, or if the email looks suspicious in any way, don’t open the attachment. Delete the email and move on.
The email contains threats or ultimatums
Phishers will sometimes try to intimidate their victims into taking action by including threats or ultimatums in their emails. They might say that your account will be closed if you don’t take action, or that you’ll be subject to legal action if you don’t respond.
Of course, none of this is true. Phishers just want to scare you into taking action without thinking. So, if an email includes threats or ultimatums, it’s a good indicator that it’s a phishing attempt.
The email asks for personal information
Phishers will often try to obtain personal information from their victims, such as credit card numbers, Social Security numbers, or login credentials. They might do this by asking you to fill out a form with your personal information. Or they might include a link that takes you to a fake website where you’re prompted to enter your personal information.
Never give out personal information in response to an email or click on a link that takes you to a website where you’re prompted to enter your personal information. If you need to update your account information, log in to the website directly and update it yourself. Don’t do it through an email or a link in an email.
The email is from a free email service
If an email is from a free email service like Gmail or Yahoo, that’s a red flag. While there’s nothing inherently wrong with free email services, phishers often use them to send their emails because they’re easy to create and don’t require any verification.
So if you receive an email from a free email service, be extra careful. It’s not necessarily a phishing attempt, but it’s worth taking a closer look before taking any action.
Someone with no followers or friends adds you on social media
This one is more common on social media sites like Facebook and LinkedIn. If someone with no followers or friends adds you, that’s a red flag. It’s possible that they’re just trying to build up their network, but it’s also possible that they’re a phisher.
If someone with no followers or friends adds you on social media, be careful before accepting their friend request. Take a look at their profile and see if anything looks suspicious. If you’re not sure, err on the side of caution and don’t accept their request.
Phishing is a serious problem, and it’s only getting worse. By understanding how phishing works and knowing what to look for, you can protect yourself from these attacks.
If you’re ever unsure about an email or a website, err on the side of caution and don’t take any action. It’s better to be safe than sorry. And if you think you might have been the victim of a phishing attack, change your passwords and run a virus scan on your computer just to be safe.