How to Tell a Phishing Scam From a Real Email
|
| Google is not deactivating your Gmail account. |
If you have an email account, you've been the target of a phishing scheme. Chances are, too, that you've opened up fake emails and thought they were the real deals.
Even the most Internet-savvy people have been duped by phishing emails. That's the whole idea the more the authentic the email looks, the better the chances the cybercrooks can do their dirty work.
Scammers are trying to lure and trick you into giving your private information and login so that the scammer can steal your money or your credit-card information , said Lori Fraijo Raygoza, chief executive of ChicaLogic, a technology-solutions provider in Boca Raton, Fla.
They are getting very creative by leading you onto a Web page that looks 100 percent like your bank or PayPal sites, Fraijo Raygoza said. Then, when you log into the fake site, the scammer will know your real login at your real bank .
There are three basic types of phishing emails, explained Bradley Antis, vice president of technical strategy for Orange, Calif.-based M86 Security.
The first kind looks as if it's come from a real company and includes an attachment, usually a zip file.
However, if you look close at this type of email, you will notice strange language and spellings, and there usually isn't a company logo anywhere, Antis said.
Scammers like to spoof delivery companies in these kinds of phishing emails. Getting an email from UPS or FedEx warning of a problem with a delivery will pique anyone's curiosity.
The recipient thinks they are getting a surprise package, Antis said, so they open the attachment which is actually loaded with malware.
The second type of phishing scheme again looks like it comes from a company, but there's no attachment URL links are embedded directly into the message.
These emails often do include a company logo and commonly are targeted at specific individuals a practice known as spear phishing .
Spear-phishing emails are sent to people who would have a natural interest in the company that the senders pretend to come from, such as a retail business or federal agency.
The URL links, if clicked, take the user's Web browser to a phony but authentic-looking website or to a site that downloads malware to the computer.
The third type of phishing email doesn't have any attachments or embedded links. It appears to come from a government agency or bank, and it states that information is needed from you because there is a problem with your taxes or because you are due financial compensation.
These emails ask for bank-account information, Social Security numbers, addresses and other personal information that makes things easier for identity thieves .
In many cases, it is very difficult for people to tell a real email from a phishing email, said Antis.
Antis and Fraijo Raygoza have tips on how to avoid phishing schemes:
- Never open an attachment in emails from an unknown source.
- If an email is from a known source, double-check the address of the sender. If it isn't from the company's official domain, it is likely a fake.
- Don't click on Web links embedded in an email they can secretly take you to places you don't want to go. Instead, type each URL into a Web browser.
- Use spam filters that will redirect phishing emails to a junk-mail folder.
- Don't automatically trust the email, even if it looks as if it came from an institution you do business with. Call the business if you aren't sure.
Armed with that information, your e-mail experiences will be a lot less risky, if not entirely worry-free.
- Why You Need to Worry About the Epsilon Email Data Breach
- Identity Thieves Setting Sights on Kids, Report Finds
- Security and Privacy Software Review
