How to Identify Phishing Attempts
January 17, 2020
It’s always important to protect sensitive, personal information while doing anything online, perhaps never more so than when dealing with your finances. Scammers are constantly coming up with new ways to try and dupe you, so it’s wise to stay informed about potential phishing threats and learn to recognize red flags.
What is phishing?
Phishing is the term used to describe fraudulent attempts to access your personal information, such as online passwords, Social Insurance Numbers, or credit card details. These attempts often arrive as email or text messages disguised to look as though they come from a reputable company you trust and may even do business with, such as a financial institution, courier service, retail store, or even a government agency such as Revenue Canada. Some phishing attempts are sent via voicemail or as social media messages.
What to look out for
When hackers and scammers go phishing, they need to make a catch. So anytime you receive a message that asks you to provide personal data, click on a link to redeem an offer or coupon, or download an attachment, make sure to give the request a careful look before taking any action.
At first glance, it may appear to be legitimate, with logos and branding that match a well-known company. However, many phishing attempts contain elements that can reveal the scam. Keep the following in mind with any message you receive.
Trustworthy businesses know our names, and don’t tend to ask for our details online
By and large, the businesses we interact with online know who we are and address us by one or both of our names when they send us something. Scammers are more likely to send generic messages without a personal salutation.
Also, trustworthy businesses don’t tend to send us online messages that ask for personal account information or instruct us to download forms or click on links to provide ‘missing’ details. If you receive such a message, simply opening the link or downloading the attachment could create problems, even if you don’t enter any sensitive information. If you’re unsure about any message, contact the relevant business directly and ask them to confirm the validity of the request.
Is the message meant to scare you?
Hackers often prey on our insecurity and fear in order to get us to act. They’ll send messages warning that your account has been compromised and needs to be secured. They’ll claim a payment can’t be processed and warn that service is about to be withheld. They’ll insist urgent action is absolutely necessary. It’s important not to panic and get sucked into the scam. Even if the situation sounds serious, you can always check it safely by contacting the company directly instead of responding to the message.
What’s the sender’s email address?
Scammers dress up their fraudulent messages with branding and logos that may look convincing, but a close inspection of the sender’s email address can give the game away. Many of us never look at the address on most e-mail messages we receive, but you can easily check it by mousing over the sender’s name on your computer, or checking their contact information on a mobile device. Look for irregularities and misspellings, or unnecessary numbers added to a company name – it could mean the sender doesn’t actually represent the business they claim to.
Does the link address look legit?
When you hover over a link on your computer, the link address shows up in the bottom corner of your browser. Before you click a link in any suspicious messages that show up in your inbox, hover over it first to see where it’s sending you. Check whether the address has any obvious connection to the business the message claims to be from. Make sure to read it carefully – some links are disguised to look legit but have extra letters or deliberate misspellings meant to fool you.
It’s also worth checking to see whether a website is secure before you open it – look for “https” at the start of the link address.
Is the message badly written?
Legitimate companies aren’t immune to errors, but their messages are generally professionally written and spelled correctly. Not all scammers are so careful with their grammar, and simple syntax errors are often a sign of something suspicious. If you notice a typo, or more than one, start checking for other red flags and take caution.
Stay safe online
Consider installing the latest antivirus and malware protection on your computer to help protect yourself from online fraud attempts. If you get a text message that looks suspicious, block the number before deleting it.