A few months ago, we wrote a blog about how to protect yourself from identity theft. One of the most common identity theft methods of attack is phishing emails. In this month’s blog post, we want to take a deeper dive at the deceptive email tactic.
When you fall prey to phishing emails, scammers can steal things like your passwords, account information, or your social security number. Oftentimes, they’ll steal your information without you even realizing it.
Scammers are also known for constantly switching up the tactics they use to try to steal your information. However, one of the most common methods is to use phishing emails that prompt you into offering up sensitive information. Luckily, there are usually a few telltale signs that someone is trying to dupe you.
Let’s take a look at how you can avoid getting hooked by phishing emails.
What Are They?
Webroot defines phishing emails as a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement, or other means in order to steal sensitive information. They try these tactics on personal and work emails which means you need to stay alert while working on the job.
How Do Phishing Emails Work?
Let’s walk through a phishing email example: A scammer sends you an email posing as a well-known company like Amazon. They’ll then prompt you to update your payment information or log into their website to make a change to your account. They hope that you will respond to the email with your credit card details or click a link that redirects you to a fake website where you will enter your login credentials. If this happens, the criminals have won. They have your personal information. If they are successful in stealing your login credentials to Amazon, then they will try using the same username and password at many different sites, including financial institutions. This alone is a great reason to always create long and unique passwords for each website.
While this example may sound easy to avoid, phishing emails in real life can be quite difficult to differentiate from normal ones. Due to this, these types of schemes are known to cost the American people about $57 million per year (2019).
So, what are a few ways to identify phishing emails?
How To Recognize Them
Phishing emails almost always pose as a legitimate company or organization. This could be anything from Netflix to your bank to a government organization.
Here are a few of the most common reasons that they’ll be emailing you:
- Confirm personal information
- Update payment information
- Receive a government refund
- Receive some type of bonus or free prize
- Alert you of suspicious activity or log-in attempts related to your account
These emails typically use a sense of urgency to claim the prize or update your information. In general, receiving an email for any of these reasons should be met with raised eyebrows, even if it is legitimate.
Now that you’ve identified a potential phishing email, let’s look at how you can make sure that you don’t get hooked.
Can Phishing Emails Be Stopped?
Unfortunately, there is no foolproof way to stop phishing attacks from entering your inbox. One of the best ways to defend an attack is for you to be observant, aware, and always on-guard before responding to an email or clicking on email links. Even the most professional phishing emails will have a few immediate red flags that you can spot. Here are a few of the most common:
- Look out for generic email intros that look automated. For example, it’s rare that a phishing email would use your first name. Instead, it will probably say something like “Hi Dear”, “Dear Sir or Madam”, or “Dear Customer.”
- Be wary of emails from organizations that you don’t interact with frequently. If you don’t have a relationship with the organization already, then there’s no reason for them to be emailing you. Try simply ignoring the first email to see if they follow up with you.
- If an email makes you suspicious, double-check the sender’s email handle. For example, if the email is claiming to be from Netflix but the email handle isn’t “@netflix.com,” that’s a big reason to be suspicious.
- Hover over hyperlinks in the email, but do not click on them. Hovering will show the actual web address which will help determine if it is a legitimate source.
- Upgrade your security software. Many email providers, such as Gmail, do a good job of filtering spam. However, it’s always a good idea to use additional security software.
- Set up two-factor authentication for all your personal accounts. This is a quick way to add another level of security so that even if scammers get your password they will still need a pin code to access your account.
- Utilize an online password manager to help create and save long and unique passwords for every website.
We hope that you’ve found this article valuable when it comes to learning how you can avoid getting hooked by phishing emails. If you ever have any questions, please contact us at questions@FSAinvest.com.
FSA’s current written Disclosure Brochure and Privacy Notice discussing our current advisory services and fees is also available at https://fsainvest.com/disclosures/ or by calling 301-949-7300.
