By Fran Mariutti
For The Signal
Online scams are unfortunately getting more and more frequent, and one way to be scammed on the internet is phishing. Everybody has probably heard of it, but not everyone may know just how it works and how to protect oneself from it.
Cybersecurity expert Tove Marks from VPN Overview can help with this, providing tips to avoid phishing scams, while spreading awareness on the practice and how dangerous it can be.
What is phishing?
Phishing is a cybercrime that compels victims to give out personal information, such as bank details, to cybercriminals.
The most common form of phishing is through emails, which look like they have been sent from official organizations or people you might know. These emails can be extremely accurate to make them look as real as possible, and within them there will usually be a hyperlink or an attachment for the victim to click on.
However, phishing can also come in other forms, such as social media messages, invoices and phone calls.
How do I recognize phishing emails and messages?
- Greetings, language and grammar
The easiest way to recognize an illegitimate email is to check for grammar and spelling errors. If the criminals are not English-speaking individuals, mistakes are huge red flags to pay attention to.
Moreover, as these emails are sent to a large number of people at the same time, they will most likely not be personalized. Another thing to look out for is the sense of urgency that the message communicates: words such as ‘URGENT’ or ‘IMPORTANT’ can be a giveaway.
But this is not always the case, as some phishing scams are extremely accurate and none of these red flags might show. In that case, there’s more you can check to recognize a scam.
- Check the sender’s email
As phishing emails are meant to look official, as if sent by organizations such as banks, it's important to know the real email addresses of such organizations. Since the scammers are not part of them, they will likely use similar formats, but in different combinations. The easiest way to make sure the sender is trustworthy is to check the organization's email address or phone number on its official website.
- Don’t share personal information
Regardless of the email address you receive a request from and the contents of that email, remember that no bank or other official organization will ask you for your personal information. If you receive a message that asks for some of it, always treat it with suspicion.
- Beware of attachments and links
The ultimate purpose of a phishing email is to have the victim click on an attachment or a link. Doing so could already install spyware on your device, which can extract personal information without your knowledge after you've moved on from the email or message.
Do not click on anything that you cannot trust and that you do not know, and always double check the format of the attachment, as well as the address of any link.
- Trust your instincts
Generally, anyone who uses the internet knows to question anything they find suspicious on it. Because of this, when you're not sure whether you can trust an email, a message, a website and so on, don't.
Rather, ask the agency or organization that is supposedly requesting the information for clarification, using official channels such as an app or an official phone number.
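The checks above can also be run automatically over a message. The following Python sketch is an added example, not part of the original article or of VPN Overview's advice: it flags a sender or link domain that does not belong to the organization's official domain, the urgency words the article names, and an impersonal greeting. The domains, the sample email and the list of generic greetings are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = ("urgent", "important")  # the two words named in the article
GENERIC = r"\bdear (customer|user|sir|madam)\b"  # assumed examples of impersonal greetings

# Constructed sample message; every domain here is a placeholder.
SAMPLE = """\
From: Example Bank <support@example-bank-secure.test>
To: reader@example.test
Subject: URGENT: verify your account

Dear customer,
Your account will be locked. Confirm your bank details here:
http://example-bank.test.login-check.test/verify
"""

def belongs_to(host, official):
    """True only if host is the official domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)

def check_message(raw, official_domain):
    """Return a list of red flags found in a plain-text email."""
    msg = message_from_string(raw)
    findings = []
    # Sender check: compare the domain after '@' with the official one.
    _, addr = parseaddr(msg.get("From", ""))
    if not belongs_to(addr.rpartition("@")[2], official_domain):
        findings.append("sender-domain-mismatch")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(re.search(r"\b" + word + r"\b", text) for word in URGENCY):
        findings.append("urgency-wording")
    if re.search(GENERIC, text):
        findings.append("generic-greeting")
    # Link check: the official name appearing at the start of a host proves nothing.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if not belongs_to(host, official_domain):
            findings.append("link-domain-mismatch:" + host)
    return findings

if __name__ == "__main__":
    for flag in check_message(SAMPLE, "example-bank.test"):
        print(flag)
```

An empty result does not mean a message is safe, since some phishing emails show none of these red flags.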
How do I avoid having to recognize phishing in the first place?
Most browsers and websites do recognize phishing emails and spam. To avoid having to deal with them at all, always remember to use two-factor authentication on your accounts (it might be lengthier, but it is safer), activate your spam filter and, finally, only share your details and personal information on secure websites.