One of the most common types of computer scams is phishing -- an attempt to steal someone's personal information by pretending to be a legitimate entity. Typically, these phishing attacks come via email.
While laughably obvious email scams have dropped in popularity, newer forms are even harder to detect. Everyone should know how to spot some common forms of phishing, especially business users who are at risk of exposing company data.
Let's break down some of the most popular types of email phishing.
A Friend Needs Help
Email scammers will sometimes pose as one of your friends, asking for some money to help them out of a jam. This can happen if your friend's email account gets hacked. Usually, their stories involve an event such as a mugging or an arrest that leaves them without cash or credit cards.
Of course, these stories are bogus. The scammer is hoping you buy the story and wire "your friend" some money to help them out. If you're concerned that your friend actually needs help, give them a call. Chances are they'll have no idea what you're talking about, exposing the scam.
The CEO Scam
A popular corporate spin on the friend-asking-for-help scam is particularly dangerous.
In this type of email, someone pretending to be the CEO emails the CFO and asks them to wire funds to a certain entity. If the CFO doesn't stop and think, they may mistakenly send company funds to a scammer.
To make this tactic more convincing, attackers often find out as much info on the company's CEO as possible. The better they can fake his email style, the better the chance that the CFO will believe it's a legitimate request.
A good way to prevent these scams from affecting your company is to have a formal system in place for approving wire transfers. Simply checking in with the CEO before deciding to wire the funds will quickly uncover the farce.
Problems With a Financial Account
An ultra-popular phishing tactic involves a fake email from your bank, PayPal, or a similar company. The message usually claims that they've noticed some suspicious activity on your account, and that they've frozen it until you log in and review the incident.
If you follow the links in these emails, you'll be handing over your credit card, password, and other sensitive information to a con artist, not your bank.
Email spoofers also love to alert you that they detected a virus on your computer. Usually, these claim to come from Microsoft, an insurance company, or similar. To remove the infection from your computer, they ask you to follow a link or download an "antivirus" attached to the email.
The reality is that Microsoft and other companies will never contact you about a virus on your computer. Aside from your IT provider, no corporation like Microsoft is actively monitoring your PC for problems; these threats are completely false. This also applies to phone calls from "tech support" claiming to represent Microsoft.
Another phishing tactic is to accuse the email recipient of some negative activity. Sometimes these emails pretend to come from the FBI and claim that you've viewed illegal content online. You might even get a warning that you're being forced to move out of your house.
All these types of emails have the same purpose -- they want to make you worry. When you get these messages, you'll naturally think that you've done nothing wrong and want to follow the links provided to explain yourself. Don't do this -- it's what the scammer wants.
Requests to Confirm Information
Another favorite tactic of phishers is a seemingly innocent request for you to confirm your information. These can be especially deceptive as they pretend to come from a company you regularly deal with. Unfortunately, "confirming" your password with these fakes is handing it over to an attacker.
Legitimate companies will never perform "routine checks" asking you to verify your information. You should be suspicious of any email asking you for details that the company already has.
General Advice and Telltale Signs of Phishing
We've looked at five popular types of phishing emails. No matter the form, though, there are some common signs of fake emails. Here's some advice to keep in mind:
- Typos and grammatical errors are a huge red flag. Reputable companies employ professionals to send their emails. Emails that are written entirely in lowercase, contain lots of spelling errors, or don't use any punctuation are almost certainly fake. But that doesn't mean that proofread emails are always safe.
- Watch for generic greetings. Companies that you've dealt with will almost always start legitimate messages with "Hi Fred" and not a generic "Dear Sir or Madam". The latter is a sign of a fake email.
- Beware of email attachments. Unless you're specifically expecting an attachment from a company, treat any attachments as a sign of a dangerous email.
- Never click links in emails. Following links in emails will lead you to spoofed websites. If you're not sure whether your PayPal account really needs your attention, visit PayPal.com in your browser.
- Nobody will ever send you money through email. Messages claiming that you've inherited millions or won some lottery are fake.
- When in doubt, contact the company in question. If you need to confirm that a message is bogus, simply give the company a call or use the chat function on their website. Make sure to find their real website -- don't call any numbers from the email.
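As an added illustration (not part of the original article), the Python below checks a message for three of the signs listed above: a generic greeting, attachments, and links whose host lies outside the sender's domain. The sample message, its addresses and domains, and the sender-domain comparison are constructed assumptions; only the standard library is used.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email); all names and domains are made up.
SAMPLE = """\
From: "PayPal Support" <service@paypal.example>
To: fred@corp.example
Subject: Your account has been frozen
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear Sir or Madam,
We noticed suspicious activity. Log in at http://paypal.example.login-check.test/review
to restore access.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="antivirus.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

GENERIC_GREETING = re.compile(r"^\s*dear (sir or madam|customer|user)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def phishing_signs(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    signs = []
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    for att in msg.iter_attachments():
        signs.append(f"attachment: {att.get_filename()}")
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # Assumed heuristic: flag hosts that are not the sender's domain or a subdomain of it.
        if host != sender_domain and not host.endswith("." + sender_domain):
            signs.append(f"link host differs from sender domain: {host}")
    return signs
```

An empty result does not mean a message is safe; as noted above, well-written emails can still be fake.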
In summary, be skeptical of emails that ask you for personal info, contain attachments, or ask you to click a link. It's easy to forget about fake emails and just trust the sender, but that could lead to someone stealing your private information.