Spotting Email Phishing Scams
For some, spotting email phishing scams is a part of daily life. You check your email, see something that’s off in a message, and delete it, shrugging it off as another attempt to get your personal data. However, not everyone is privy to the many ways scammers attempt to get your information and/or take over your email account or device. The good news is there are easily identifiable tell-tale signs that an email is a phishing attempt. The bad news? Scams like these aren’t going away anytime soon, and scam artists are getting better and better at making their emails seem legitimate.
Let’s take a look at ways you can identify an email as a phishing scam so you don’t have to worry about protecting your personal data and can be knowledgeable about what’s most likely a real email and what’s not.
First, we’re going to set things up. Imagine that you’re a subscriber to a fictional company called MyAccount. MyAccount offers a service that you use on a regular basis and you’ve received email communication from them in the past. We’re going to use this pretend company, MyAccount, throughout this article.
Now, imagine you receive the email above, Figure 1, asking you to update your account information. Initially, this looks like a harmless email from MyAccount asking you to do a simple task in order to protect yourself from future problems. However, upon closer investigation, you can see some glaring signs that this email is in fact a phishing scam. Let’s start at the very top.
Know the Sender
As you can see in the highlighted area in Figure 2, John Doe is the name of the sender, but upon closer inspection, you can see that the email address is different: it’s email@example.com. Maybe in the past you have received an email from a John Doe at MyAccount. Scammers use that information to try and trick you, so if you look at the email address and it doesn’t match the email address in emails you have gotten from John Doe in the past, then it’s likely a scam.
Also, note that in the email address, firstname.lastname@example.org, the domain, or second half of the email address, isn’t MyAccount.com; it’s DifferentURL.com. If the email address doesn’t match the company’s domain, then it’s likely a scam. If you were actually getting an email from John Doe at MyAccount, his email address would probably be email@example.com or a similar variation. Remember, check whether you have other emails from the named sender, so you can compare a verified email address against the new, potentially sketchy one.
Moving down the email, we get to the greeting. If you look at the highlighted area in Figure 3 above, this is a relatively harmless and kind greeting, right? Yes, it is, and many companies will use very generic greetings, although nowadays a lot of companies use your actual name in email greetings. Often, but not always, spam is very impersonal, and the greeting is just the beginning. If the email greeting is impersonal, definitely check other key areas of the email, such as the name of the sender and the email address discussed above, to verify its legitimacy. We will cover more of these areas below.
Bad or Peculiar Grammar
Now, let’s take a look at the body of the email. This is the meat of the sender’s request. As you can see in the highlighted section of Figure 4 above, the body is not written with the best grammar: “commit” should be “commitment”. An email that really comes from a company has usually been reviewed for spelling, grammar, legality, and other information. If the message is littered with spelling and grammar mistakes, it’s likely it didn’t come from a company looking to make updates to your account.
Also, if you receive an email seemingly from someone you know, but they use language that is peculiar or out of character for that individual, it’s probably a good idea to evaluate the legitimacy of the email. It could be another phishing attempt, and odd language use is a great way of spotting email phishing scams.
Links on Links on Links
This is where things get a little more complicated, but still very easy to check and verify. Many people might not know that if you write out a URL or website in an email, like “www.barberfinancialgroup.com”, you can actually hyperlink it to a completely different URL or website. Another thing people often don’t realize is that if you take your mouse and hover over a link in an email, a little box shows up either next to your mouse or in the bottom left corner of your browser that shows you where that link is going, or its destination.
In the highlighted areas in Figure 5 you can see that when the mouse is hovered over the links or the hyperlinked image, the URLs are different than expected. This is especially noticeable on www.myaccount.com, a typed-out URL that happens to link to a completely different URL, www.differenturl.com/malicious/. Checking suspect links before you click them is crucial to avoid getting caught in a phishing scam and a key factor in spotting email phishing scams.
As you can see in Figure 6, this email came with a pretty empty threat to suspend your account without action by a certain date. While most phishing scams rely on trying to trick people into action, some resort to threats. If you see a threat in an email, such as an account suspension, asset seizure, etc., chances are the email came from a scammer trying to appeal to your emotions.
Figure 7 shows us just how creative email scammers can get. Scam artists can get very resourceful and meticulous when they craft phishing emails. They will grab logos from the websites of companies they are trying to emulate and even sometimes include copyright language at the end in an attempt to further legitimize how the email appears. Remember, always peel back that extra layer by hovering over things like the logo image to check where the image is linked. If it doesn’t link to the website of the company the logo belongs to, it could definitely be a phishing attempt.
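As an added example (not part of the original article), the sender check from “Know the Sender” and the hover check on links and logo images can be automated. The Python sketch below runs on a constructed message in which .example domains stand in for MyAccount and DifferentURL; the function names and the sample email are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample modelled on the article's MyAccount email (.example domains).
RAW = """\
From: John Doe <john.doe@differenturl.example>
Content-Type: text/html; charset="utf-8"

<p>Update at <a href="http://www.differenturl.example/malicious/">www.myaccount.example</a></p>
<p><a href="https://www.myaccount.example/help">Help centre</a></p>
<a href="http://www.differenturl.example/x"><img src="logo.png" alt="MyAccount"></a>
"""
# Matches visible link text that is itself a URL or bare host name.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

def same_site(host, domain):  # host is the domain itself or a subdomain of it
    host, domain = (h.lower().removeprefix("www.") for h in (host, domain))
    return host == domain or host.endswith("." + domain)

class LinkAudit(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # reset at every <a>, so only link text survives
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(raw, org_domain):
    msg = message_from_string(raw, policy=policy.default)
    sender, findings = msg["From"].addresses[0], []
    if not same_site(sender.domain, org_domain):  # display name proves nothing
        findings.append(f"sender: '{sender.display_name}' writes from {sender.domain}")
    parser = LinkAudit()
    parser.feed(msg.get_body(preferencelist=("html",)).get_content())
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        shown = URLISH.match(text)
        if shown and not same_site(target, shown.group(1)):
            findings.append(f"link: text shows {shown.group(1)} but opens {target}")
        elif not same_site(target, org_domain):  # e.g. a linked logo image
            findings.append(f"link: '{text or 'image'}' opens off-site host {target}")
    return findings
```

Calling `audit(RAW, "myaccount.example")` reports the mismatched sender, the typed-out URL that opens a different host, and the logo image that links off-site, while the genuine help link passes.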
Whether the email looks official or not, it normally sets off alarm bells when an email requests personal information. At Barber Financial Group, we will never ask for your password, credit information, or answer to a security question via email, and neither should any other company for that matter. Additionally, we won’t ask for approval for transactions or any other financial information via email, and to be as safe as possible, neither should you. As a general rule of thumb, if you’re ever unsure whether an email you receive is legitimate, it’s okay to call and verify the email with that company.
What to Do if You Catch the Phish
If, after investigating the questionable email, you determine that it is, in fact, an attempt at phishing, great! Now, just delete that email or move it to the trash. If you happen to click any of the links in the email and it takes you to a page with a form or other links to click, do not provide any personal information or interact with those links. Close the webpage in your browser and delete the email. Also, if you happen to click any links in a phishing attempt, it’s a good idea to do some protecting, just in case that link is all the scammer needed you to click. It’s smart to back up your files and change your login credentials across the board. That means all of your passwords, which is not fun to do, but safe personal information is worth it in the end. It also never hurts to scan your machine with malware scanning software; you can find a variety of options, from Malwarebytes to Norton Antivirus.
The Fight Isn’t Over
Methods for spotting email phishing scams are going to continue to evolve. These are just a few tips to start being a little more vigilant when you’re combing through your emails. Our goal here is to make sure that everyone’s private information stays just that, private. We want to educate our community to make sure no one falls prey to those pesky email scammers. Stay tuned for more articles this summer on protecting your personal information online as well as a brand-new seminar on this very subject. Just like we want you to be educated and safe online, we want you to be secure in your financial future.
Investment advisory services offered through Barber Financial Group, Inc., an SEC Registered Investment Adviser.
The views expressed represent the opinion of Barber Financial Group an SEC Registered Investment Advisor. Information provided is for illustrative purposes only and does not constitute investment, tax, or legal advice. Barber Financial Group does not accept any liability for the use of the information discussed. Consult with a qualified financial, legal, or tax professional prior to taking any action.