How to Spot a Phishing Scam

In 2020, the FBI’s Internet Crime Complaint Center reported that the most prevalent online scam was phishing, according to a recent article in Via Magazine. Last year in the U.S. alone, unsuspecting citizens lost over $54 million to this type of scam.

“Phony emails and texts try to lure you into clicking through to a malicious website that’s designed to trick you into entering passwords and financial information: That’s phishing—and it’s getting worse, exacerbated by the pandemic and by the fact that it’s such a simple type of attack to pull off,” per Via.

To avoid phishing scams, people need to up their game and be ever vigilant. Via offered some tips to help people detect these types of scams and to evade them.

View everything as a scam. According to Via, people are best off operating under the assumption that any message received that pertains to money, account credentials or requires some sort of urgent action, is fake. One example, per the magazine, is an email that states: “Your account has been charged $300 and immediate action is required.”

Don’t ignore the red flags. Traditionally, phishing scam attacks have had obvious indicators, like poor spelling and grammar, however, Via reports that scammers have been

improving in these areas. Still, typos and the like remain obvious warning signs and people should also be aware of other signs like: The use of “Dear customer” or other general greeting, as opposed to your name; directions to utilize Whatsapp, WeChat, or other messaging system to contact them; and requests for payment in bitcoin, according to Via.

Pay attention to email addresses. While hackers are able to spoof a sender’s email address to make it look legit, more often they create one that’s close but not perfect, per Via. The article says that one way to check if an email is legitimate is to inspect the sender’s address—i.e., a message from amazon1.com is not from Amazon. Likewise, Via suggests looking at the “to” field to be sure your direct email address is listed, as legitimate senders will not BCC you on a message.

Hover over but don’t click hyperlinks. Via warns that the ultimate aim of phishing emails and texts is to get you to click a link; if you do so, you’ll be directed to a damaging website. While links can be disguised, said Via, hovering your cursor over the link—but NOT clicking it—will typically reveal its actual destination. According to Via, any links using URL shortener’s like TinyURL or Bitly should draw suspicion.

Conduct your own research. Online resources exist that enable you to check out a message sender by searching an unknown phone number; this can reveal consumer

complaints or if it’s the company it claims to be, per Via. While the magazine stated that searching email addresses usually doesn’t uncover much, you can safe-check an embedded URL by copying it—but NOT clicking it—and pasting it into the Site Status form on Google’s Safe Browsing page. This will help reveal to you if the site is dangerous without exposing you to the linked website.

Be cautious about unfamiliar calls/texts from nearby areas. According to Via, phone calls/text messages can be disguised by changing the area code and or the prefix so it seems as if they originated from a local person. “Be aware that this is just another tactic to get you to lower your guard,” stated the magazine.