Cyber attack techniques are changing and improving with technological developments, so it’s important to stay on top of the methods they use to deceive you into clicking on a malicious link or email. So with a few common-sense tips, here are the top 5 phishing disguises to avoid.
Realistic Emails
The way many phishing scams catch people is by simply looking realistic. We’ve all seen the scam emails with misspelled words, or awkward phrasing that you recognize as a scam email. But it’s much harder to spot when the email you’ve received looks very similar to an email you would get from a legitimate company such as PayPal, eBay, Amazon or your bank, with the logo and similar email domain name.
Even with the logo on the signature, you will want to take a closer look to verify the validity of the email before clicking on any links.
Urgency Phishing
One technique that scammers often employ is urgency. This tactic allows them to fluster the victim into taking action without taking time to investigate the legitimacy of the sender.
The email may claim that you need to take fast action else you will be arrested, lose thousands of dollars, or miss out on a deal to win thousands of dollars. Especially if they ask for your social security number, or for international workers say that you will be deported, put aside any alarm and examine the context of the email for validity.
The aim is to incite panic in order to inhibit the victim from carefully examining the email for fraud. You’ll always find signs it’s a scam if you take the time to dig deeper, so never rush your decisions or take action that you’re unsure about.
Realistic Domains
When a scammer acts as a legitimate company and is able to mask their domain in a way that makes it seem like their email is linking to the site it says it’s from, it can be a tricky scam to spot. It’s often done using PayPal. You might get an email telling you that your account has been suspended and that you need to take action by logging into your account via the link that the email provides.
But what really happens is that the email links you to the scammer’s domain, and when you enter your PayPal account email address and password, your information is stolen. This leaves you in a situation where the scammer has your login details, and hijacks your account until you are able to get a hold of the company. Head to PayPal yourself to check, rather than following a link.
Scammers are learning to create more sophisticated messages and are getting better at imitating legitimate companies. Always check the email domain of the sender for any letters disguised as other letters, such as ‘rn’ standing in for an ‘m’.
Good email security will stop many of these scam emails from reaching your inbox in the first place.
Job Applications
Opening attachments always poses a risk, and this can be an issue when you’re receiving job applications. The HR in charge of opening emails from job applicants and reading emails is likely to open the attachment believing it's a resume when in fact it’s malware. The virus will then infect the computer and the scammer can go about extracting data from the computer that will allow them to steal money and data from the target of the scam.
The best way to avoid this problem is to use a form for the applicant to fill out, instead of having them send resumes to be uploaded or sent via email. If you do decide to accept email attachments such as resumes, be sure to open them using a sandbox system. This is the safe way to view attachments and how they should always be opened, especially if they’re unfamiliar and from unfamiliar sources.
Company Emails
When you get an email from someone who’s in a position of authority, it’s hard to question it. And ignoring it can seem like a big risk to take, especially if it’s from your manager or boss. But scam emails can take the form of company emails, so this is something you need to be careful of. The scammer might send an email pretending to be an employer telling an employee to complete a task.
The employee then opens an attachment or follows a link and the scammer will then be able to steal their details, either via a malware attack or from a fake login page. If you’re ever in any doubt about the veracity of the email, you should email the person in question and check to see if the email was genuine, and don’t do that by simply replying to the email you received.
It’s unavoidable that you will come across phishing scams, but the best protection is education and knowing what to look for in order to avoid them.