Email phishing scam

How to spot an email phishing scam

Do you know how to spot an email phishing scam? Some are really obvious, but others can seem pretty legit.

Phishing is a type of online deception, using fraudulent emails sent to unsuspecting users. It’s designed to steal personal data, such as credit card numbers, passwords or other account information, by masquerading as a legitimate business.

How does phishing work?

In a typical phishing incident, a scammer will send you a fraudulent email message that appears to come from websites you trust – like Vancity or your phone company – and will request that you click on a link where you will be asked to enter your online credentials and provide personal information through a fraudulent website. The scammer will then use this information to access your bank or credit card accounts, spend your money or steal your identity.

Phony emails and websites often include official-looking logos and identifying information fraudsters have taken directly from legitimate websites. These copycat sites, also called “spoofed” websites, are often where people will unwittingly send personal information to scammers.

What red flags should I look for?

Here are eight red flags to look for:

[Image: Email phishing scam]

1. The subject line

Scammers tend to use an urgent or aggressive tone.

2. The sender

In the example above, is the sender using a Gmail address? If you said yes, take a closer look! It’s actually g-r-n-a-i-l.com. Sneaky scammers will use email handles that are one letter off from what they should be (e.g., “netftix” instead of “netflix”) so that, at a glance, everything appears official.

3. The time stamp

When was the email sent? This is an especially telling clue when a scammer is impersonating someone you know or correspond with regularly.

4. The greeting

Does it address you by name, by email address or by a generic title? A generic or awkwardly phrased greeting could be the sign of a scam.

5. The spelling

Errors in spelling and grammar are always a red flag.

6. Buttons and links

These are easy for scammers to format and disguise. Get in the habit of accessing your accounts by typing the official URL in a new browser window. Avoid using the direct links in your email messages.

7. The contact info

Does it look sketchy? If you need to verify the legitimacy of the sender, never use the contact information contained within the email. Cross-reference it with a separate web search.

8. Attachments

Malicious files can be easily disguised as innocent Word documents, spreadsheets and presentations. Be deliberate about which attachments you choose to open or download.

How do I report a scam?

Email phishing attempts (even the unsuccessful ones) can be reported to the Canadian Anti-Fraud Centre.

You should also advise the financial institution or other agency whose name was used in the phishing email.
