3 Steps to Identify Phishing Scams


Phishing Scams

No, “phishing” isn’t spelled wrong, nor does it mean “fishing” for fish. Phishing is the term used for fraudulent emails or text messages that portray themselves as coming from reputable companies, banking institutions or someone you know, in order to get the recipient to click on a link presented in the email or text. That link then takes the user to a location that can infect their computer with malware or a virus, possibly even hijacking the computer and demanding money in order to get the files back. Or it can capture your login credentials for whatever institution it is falsely presenting itself as. If it is your bank, the scammers will then have the ability to drain your accounts of all money.

This is the primary reason why companies are moving towards Multifactor Authentication (MFA): to avoid phishing scams. Multifactor Authentication is a way of confirming your identity to the institution. For example, a password is one kind of factor; it is a thing you know. The three most common kinds of factors are:

  • Something you know – A PIN or a password.
  • Something you have – Your smartphone or a security USB key.
  • Something you are – Facial recognition or a fingerprint.

Reputable institutions are implementing all of these methods not only to keep their customers safe from phishing scams, but also to keep themselves out of the news for being hacked.

Phishing scams are almost always carried out through email or text message, hoping to fool you into taking the bait and clicking on their link. These fraudsters send out hundreds of thousands, even millions, of these phishing messages, knowing that someone will take the bait. Once you click on the link and enter your credentials, they have what they need to empty your bank account or infiltrate your company.

One of the most popular phishing scams as of late is to pose as a fake phishing scam alert from your email provider or your anti-virus application. Don’t be fooled.
Unfortunately, in this day and age we must train ourselves to identify these scams to keep ourselves safe. Do not rely on your email provider, web browser, or anti-virus to protect you 100% of the time. According to one article from January 2023, Americans lost $40 billion in 2022 to phishing scams.

How to avoid phishing scams

So how do you identify a slippery phish? Become aware of the issue and train yourself on how to identify an email or text message as a phishing scam. There are 3 steps to avoid phishing scams.

1. Look at the sender’s address

Does the URL match who the sender claims to be? If not, do not click on it! Below are several examples of phishing emails and texts and what a valid email looks like.

2. Read the message closely

Does the email read in plain English, free of any punctuation errors? If not, or if it uses a strange greeting, it is most likely phishing.

3. What does the email ask you to do?

Is the email telling you, with a sense of urgency, to click on a link and log into your account? Does the email want you to click on a link saying that you’ve won something and need to act fast? Then the chances of it being a phishing attempt are high.
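The three steps above can also be written as simple automated checks. The following Python is an added example, not part of the original article; the two sample messages, the `example.com` domain standing in for the real institution, the shortener list and the urgency phrases are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}  # small sample list (assumption)
URGENCY = re.compile(r"\b(urgent|immediately|act fast|act now|you(?:'ve| have) won)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def domain_matches(host, expected):
    """True if host is the expected domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def check_message(raw, expected_domain):
    """Return the red flags found in a raw, single-part plain-text email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    # Step 1: does the sender's address belong to who it claims to be?
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not domain_matches(sender_domain, expected_domain):
        flags.append(f"sender domain {sender_domain!r} is not {expected_domain!r}")
    # Step 2: sloppy punctuation such as "information.Confirm" (URLs excluded)
    if re.search(r"[a-z]\.[A-Z]", URL_RE.sub("", body)):
        flags.append("no space after a period")
    # Step 3: urgency, and links that do not go where the sender claims
    if URGENCY.search(body):
        flags.append("urgent call to action")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").rstrip(".")
        if host in SHORTENERS:
            flags.append(f"shortened link hides its destination: {host}")
        elif not domain_matches(host, expected_domain):
            flags.append(f"link goes to {host!r}, not {expected_domain!r}")
    return flags

# Constructed sample messages; example.com stands in for the real institution.
PHISH = """From: Example Parcel <x7k2q9@hotmail.com>

We could not deliver your package due to incomplete address information.Confirm your address immediately at https://tinyurl.com/constructed-sample
"""
LEGIT = """From: Example Parcel <noreply@example.com>

Your package is scheduled for delivery. Track it at https://www.example.com/track whenever you like.
"""
if __name__ == "__main__":
    print(check_message(PHISH, "example.com"), check_message(LEGIT, "example.com"))
```

An empty list only means none of these particular flags fired. It is not proof that a message is legitimate, because the From header can be forged.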

How to identify phishing emails and texts

Email Phishing Scam Example

Here is an example of a phishing scam email. Notice the sender’s email address. It is not a valid company email address. There are several easily identified issues with the email address “[email protected]”.
First, “nooreply” is spelled wrong. It should be “noreply”.
Second, “@710271.us” is not from any company and is a great example of a fake email address.
Third, when you hover your mouse over the images, the bottom of the browser window shows where that link, if clicked, will send you. Though it looks like a valid Google address, it’s actually an API link. An API is an Application Programming Interface. That means the link is meant to either install something on your computer, take control of your computer, or worse. Luckily, Gmail put the email in the Spam folder and flagged it as a phishing scam for us. But email providers, even Microsoft Exchange, routinely miss phishing scams. So it is up to you to protect yourself by knowing how to identify them.

Phishing Scam Email Example

Text Message Phishing Scam Example

Below is another phishing scam example, though this one is a phishing scam text message. It is easy to identify as phishing, so let’s go through all of the flags.
First, the sender is an “@hotmail.com” email address. The USPS (United States Postal Service) will never send you a text message from a Hotmail account.
Next, the sender’s ID is random letters and numbers. Again, the USPS will never identify itself as random letters and numbers.
Next, the body of the message does not read in clear, plain English. There’s no space between the period and the start of the next sentence in “information.Confirm”.
Lastly, the link is what’s known as a “tiny URL”, which masks its true value or direction. Asking you to copy the link and put it into Safari is another hint to stay away and just delete it.

Valid Email Example

The image below is an example of a legitimate email from the institution it’s claiming to be from, in this case Experian. You’ll notice that the sender’s From address is actually from “experian.com”. Hovering over the hyperlink shows that it’s actually going to “experian.com” (not shown in the image below).

Key Takeaways

Phishing scams are easy to identify, if you know what to look for.

  • Look at the sender’s address
    • Does the URL match who the sender claims to be? If not, do not click on it! Above are several examples of phishing emails and texts and what a valid email looks like.
  • Read the message closely
    • Does the email read in plain English, free of any punctuation errors? If not, or if it uses a strange greeting, it is most likely phishing.
  • What does the email ask you to do?
    • Is the email telling you, with a sense of urgency, to click on a link and log into your account? Does the email want you to click on a link saying that you’ve won something and need to act fast? Then the chances of it being a phishing attempt are high.

If you would like to learn more about other ways to protect yourself from fraud, check out our article on it located here: 6 Ways to Avoid Fraud.

Author

azapexinv