User guide to spotting a phishing scam
When checking our emails daily, it’s not uncommon to see mail purportedly from PayPal, eBay and other universally recognised brands telling us that our account with them has been hacked and that we need to log in via the link conveniently provided in the email.
These emails are widely known as phishing emails or phishing scams. While some are blatantly obvious fakes, the emails are becoming increasingly elaborate, and it is getting harder to tell whether they are genuine or fake. This is a particularly dangerous threat to the older and younger generations, as they are brought into the mainstream of digital media without the savvy and knowledge that long-term pioneers of the internet acquired back in the days of dial-up internet and laughably bad email scams. Anyone remember the Nigerian prince wanting to give you money?
It’s fundamental to remember that 99.99% of reputable companies will never send out unsolicited emails or SMS messages – especially to those who are not even their customers. Brand identity and image are simply too precious a commodity for companies. Additionally, the majority of companies would not ask you to click a link within their communication to rectify a security breach. Genuine companies would advise typing the website URL into your browser yourself and logging in that way, thus visiting via a clean link (the text of a link in an email may say one thing while the actual destination URL is another). People can thus keep their details safe without handing over every single bit of information to the people behind these emails. More on verifying a safe link can be read here.
Many large companies have been alerted to the fact that their names are being used in these emails. In fact, the perception that a large brand is more reputable and ‘safer’ is one of the reasons they make such lucrative targets for scammers, who prey on the trustworthiness these large brands have cultivated. These attacks are often focused on information-sensitive industries. Last year one of South Africa’s largest providers of online credit was the target of a phishing operation aimed at the existing Wonga customer base. This resulted in the creation of a fraud hotline that is still live today, allowing customers to report suspicious activity.
Figure 1 above: an example of the phishing text sent to Wonga customers.
With scammers taking advantage of the busier times of year (such as Christmas), it is little surprise that phishing scams seem to be more effective then and that more people are taken in by them. With genuine companies sending more marketing communication in a push for Christmas sales, it is incredibly easy to overlook a phishing email that you would normally notice.
Taking advantage of people’s vulnerability at such a busy time is big business for these scammers, as they know people will fall for it, especially when the scams are as elaborate and intelligent as some are. Company logos are often used at the top of the email, which instantly helps convince consumers that it is a genuine communication. Similar email addresses are also used, with just a single digit or letter different from the genuine email address – an eagle eye is usually needed to spot the difference.
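The two warning signs described above, a link whose visible text differs from its real destination and a sender address one character away from the genuine one, can also be checked automatically. The following Python is an added example, not part of the original article; the trusted-domain list and the sample message are constructed assumptions, and it expects a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("paypal.com", "ebay.com")  # assumption: brands the recipient really uses
SAMPLE = (  # constructed message for illustration, not a real phishing email
    "From: PayPal Security <service@paypa1.com>\nContent-Type: text/html\n\n"
    '<p>Log in at <a href="http://secure-login.example.net/pp">www.paypal.com/login</a></p>\n')

def one_edit_apart(a, b):
    """True if b is a with exactly one character changed, added or dropped."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    a, b = sorted((a, b), key=len)  # a is now the shorter (or equal-length) string
    i = next((k for k in range(len(a)) if a[k] != b[k]), len(a))  # first mismatch
    return a[i + 1:] == b[i + 1:] if len(a) == len(b) else a[i:] == b[i + 1:]

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_text.strip(), self.cur_href))
            self.cur_href = None

def check_email(raw):
    """Return a list of findings for one raw email message."""
    msg, findings, parser = message_from_string(raw), [], LinkCollector()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings += [f"sender domain {sender} is one character off {g}"
                 for g in TRUSTED if one_edit_apart(sender, g)]
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())  # domain shown to the reader
        dest = urlparse(href).hostname or ""                    # where the click really goes
        if shown and dest.removeprefix("www.") != shown.group().removeprefix("www."):
            findings.append(f"link text shows {shown.group()} but href goes to {dest}")
    return findings
```

Calling check_email(SAMPLE) returns one finding for the lookalike sender domain and one for the mismatched link.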
With these emails becoming so difficult to distinguish from the real thing, it is important to report them to the company being impersonated if you receive one. This way the company can take action to prevent vulnerable people from falling for these phishing scams again.
Written by Hannah Harvey – an independent user contributor of the above guest content.