Phishing is a common cybercrime that affects thousands of people around the world each year. It occurs when a hacker sends you a deceptive email or directs you to a fake website with the intention of obtaining your crucial online information, such as login credentials, banking details and tax information.
Typically, fraudsters trick you into sharing your username and password on a particular website, and once they gain this information they can use it to commit crimes such as identity theft, emptying your bank accounts, charging your credit cards and even reading your emails. Below are some ways you can identify phishing attempts so that you don’t become a victim:
How to recognize a Phishing Website
1) Check for a trust seal. The majority of honest sites display trust seals, which are small legitimacy badges issued by third-party industry regulators. They show how secure a website is by revealing details such as its client satisfaction score, its use of SSL/TLS encryption and any awards the website may have received in the past. Some of these seals are also interactive, meaning you can click on them to view additional details about the site.
2) Look out for inconsistencies in the web address. Check the site’s URL to see whether it has the correct company name. Often the web address of a phishing link looks correct at first, but upon closer inspection you will notice a misspelling in the company name, or a malicious character or symbol introduced just before or after the firm’s name. For instance, if a website’s original name is ‘thelink.com’, a phisher may change it to ‘the1ink.com’. In this example, the hacker has substituted the letter ‘l’ with the number ‘1’, which may be hard to detect unless you have a keen eye.
3) Most secure websites use the https:// protocol. In the past, websites operated over http://, but they have since changed to https://, which is a much safer option. The final ‘s’ in https stands for Secure, meaning that the website has been encrypted and therefore can’t be hacked by criminals. Additionally, ensure that the website you’re visiting has an additional forward slash (/) at the end, which is another mark of security. For instance, https://thelink.com/ instead of https://thelink.com.
4) Verify the website’s source if it’s being suggested by a third party. If you are online and a link is suggested to you by an unknown party, don’t click on it until you confirm that the person sending it is legitimate. Sometimes phishers come up with fake identities meant to convince you that they are genuine, such as a representative of a major bank who needs your assistance in making a huge financial transaction. Preferably, do more research on the people you’re communicating with to ensure that they are legitimate before clicking on any website they recommend.
5) Use a web browser with anti-phishing detection. Certain browsers, including Mozilla Firefox and Google Chrome among others, have free add-ons that you can use to detect phishing websites.
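The address check from item 2, written out as an added example (this is not code from the article): it compares a link's hostname with a list of sites you actually use and flags near-matches such as 'the1ink.com'. It goes slightly beyond the article's single substitution by also catching a trusted name embedded in another domain; the TRUSTED list, the substitution table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a short allow-list of domains the reader really uses.
TRUSTED = {"thelink.com"}

# Look-alike substitutions: the fake character(s) and the letter they imitate.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(host):
    """Fold look-alike characters so 'the1ink.com' and 'thelink.com' compare equal."""
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host

def edit_distance(a, b):
    """Levenshtein distance; 1 means a single added, dropped or changed character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'unknown', or a description of which trusted name is imitated."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"          # the site itself or one of its subdomains
    for good in TRUSTED:
        if skeleton(host) == skeleton(good):
            return f"lookalike of {good}: character substitution"
        if edit_distance(host, good) <= 1:
            return f"lookalike of {good}: one character added, dropped or changed"
        if skeleton(good).split(".")[0] in skeleton(host):
            return f"lookalike of {good}: name embedded in another domain"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://thelink.com/", "http://the1ink.com/login",
              "https://thelinks.com/", "https://thelink.com.example.net/"):
        print(u, "->", classify(u))
```

A result of "unknown" only means the address does not resemble a listed site; it says nothing about whether the site is safe.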
How to recognize a Phishing Email
Poor grammar and spelling mistakes
Big companies will never send you an email with glaring grammatical errors. If you receive such a message purporting to be from a major firm, chances are that it’s from a hacker. Professional organizations hire copywriters and editors for their email communications, so if you notice a fake email it’s recommended that you report it as a crime to the company itself or the mailing service provider.
Suspicious promotions and offers you didn’t sign up for
Phishers may send emails claiming that you’ve won money or awards from promotions that you never actually entered. Such messages are written to capture your attention, since they involve a lot of cash or other convincing incentives such as a vacation to an exotic destination.
Additionally, phishing emails may come in the form of alarming messages meant to trigger a feeling of excitement or fear, so that you act quickly on what the hacker is proposing without thinking twice about what you’re actually doing. Instead of panicking and clicking on their links, simply visit the company’s official website to verify whether the information in the email is accurate. Always confirm this before taking any action that involves sharing your private details.
Unlike messages from reputable companies, which include your name, phishing emails won’t address you by name but will use general terms such as ‘sir/madam’. The ‘To’ field in the email may be left blank, meaning it wasn’t specifically meant for you but for anyone on the internet who is unlucky enough to come across it. Similarly, the opening salutation may only read ‘Hello’ or ‘Hi’ and then go straight into the message without actually mentioning your name.
Strange URLs embedded into the email
Most phishing emails contain peculiar links that direct you to a site requiring your login details, where hackers may then steal your account information. Victims often overlook this detail because the URLs appear genuine at first sight, but upon closer inspection they are actually fake. To be sure, hover your mouse over the link in the email to see the actual hyperlink. If it doesn’t look familiar to you, chances are that it’s not safe to visit.
Urgent action requests
If you receive an email that requires you to take immediate action or else lose out on an opportunity, then it’s probably a phishing scam. Such emails are meant to create anxiety in victims, who don’t want to miss the limited opportunities offered by the fraudster even though they’re all fake.
For instance, you may get a message that your account will be closed or blocked unless you take certain actions within a specific timeframe given by the hacker. Also note that there are times when the hacker may actually call you when you reply to their emails, just to give the false impression that they can be relied upon.