The internet can be a wonderful place, a great source of information, entertainment, and connections with others. But at the same time, it can also be a secretive, anonymous place, which allows things like phishing and spoofed website scams to flourish.
How can you identify these hidden attackers and keep yourself from becoming a victim?
Email phishing
Email scams, otherwise known as phishing, have occurred for just about as long as email has existed, for the simple reason that they continue to work. The classic emails are offers for millions of dollars from African princes or sweepstakes winnings. All you have to do is give them your banking information or Social Security Number. With these kinds of phishing emails, you know better (hopefully) than to fall for their outlandish promises.
Next to these clumsier efforts to get your financial information, there are some more sophisticated approaches, ones that you may not be able to immediately identify as fake. They could look like official communications from your bank, your boss, or the government. However, any links in such emails actually lead to spoofed websites or will end up loading malware onto your computer.
How to avoid falling victim to email phishing scams? Hover your cursor over any links to see if they go to legitimate websites. Verify the sender’s email. And note the tone and grammar of the email itself for errors, or for overly urgent-sounding requests for you to take action. If you’re still unsure, don’t click on anything or reply to that email. Try to contact the supposed sender directly by phone or in-person to verify the legitimacy of the email.
Website spoofing
This is where email phishing or text smishing (SMS phishing) can potentially lead. Scammers essentially create a duplicate of a legitimate website—same layout, logos, content, everything—with the intention of compelling you to log-in. By the time you realize that you are not actually on an official website, the scammer has your log-in credentials, which they can use on the real website to access your account.
If a scammer makes the effort to duplicate a website, they aren’t about to do anything halfway. That means that it can be very difficult to tell if a site is fake or not. But there may be some giveaways.
In the main field where a site’s URL is shown, you should see what looks like a padlock right in front of the web address. The presence of that lock tells you that the site and your connection to it is secure. But if you don’t see a lock, the opposite could be true. This means that you should probably leave the site as soon as possible. And, while the page may look genuine, closer inspection could reveal small mistakes: a logo that is slightly pixelated, colors that are paler or darker than normal. It could just feel…off.
Before entering any information, you could try the cursor hover technique over any links on the page to see where they actually go. And simply trust your instincts. If something seems weird about a site, just leave it.
Knowing that there are so many scammers out there may be disappointing. There’s not much you can do about that, except be prepared. As long as you know what to look for and how to protect yourself, you aren’t likely to fall victim to their tricks.
Story by Nissa Hallquist
Share
Contributors
