It has happened to all of us: you are checking your daily emails and you see one that you do not recognize. It probably says something like “You have won a million dollars!” or “We need to confirm your bank details.” In most cases, these subject lines are the first sign of a phishing email. A phishing email is an attempt to obtain private information such as usernames and passwords or credit card information by pretending to be a trustworthy source. Unfortunately, these emails are becoming more and more prevalent, which is why it is important to learn how to spot them and how to handle them.
Scammers use phishing emails to attempt to gain access to your private information. They often launch thousands of these emails a day and hope that one sticks, and most times one does. The FBI has estimated that roughly $3.5 billion was lost to cybercrime in 2019. These scammers are very good at constantly changing their tactics and making these emails look legitimate. However, there are some ways that you can spot a phishing email and protect yourself or your business.
Let us take a look at an example:
At first glance, this email appears to be a customer thank-you from Amazon. It is not until we look closer that we begin to see some issues…
- Take a look at the actual email address at the top. The address listed, AmazonUpdate@efficaciouscrbay.xyz, is fake. We know this because a real email would likely come from an address ending in @amazon.com or something similar.
- Looking further down, we spot a shopper member number that is likely made up and does not match your actual Amazon account number.
- Next, we notice that we would need to visit a link to redeem our award. If this were real, Amazon would likely credit our account with any gift we were being given.
- Lastly, notice the expiration date. It is only 2 days after the email was sent. Most companies give 30 days to a year for any sort of gift redemption. The short deadline is likely meant to get you to act on the scam as soon as possible.
When you are looking at a possible phishing email, pay attention to the following:
- The email address where the message is coming from
- Any major spelling errors or punctuation mistakes
- Account numbers that do not match
- Any generic greetings or closings
- Links to redeem rewards or update payment information
- Short expiration dates
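Several items on this checklist can be checked automatically. The Python sketch below is an added example, not part of the original article: it flags an unexpected sender domain, a generic greeting, a link that leaves the expected domain, and an expiration date sooner than 30 days. The sample message is constructed around the sender address shown above; the link, dates, the MM/DD/YYYY date format and the function names are assumptions. Spelling errors and account-number mismatches are left to the reader, since they need data the script does not have.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample message; only the From address comes from the article.
SAMPLE = """\
From: Amazon Rewards <AmazonUpdate@efficaciouscrbay.xyz>
To: user@example.com
Subject: Thank you! Claim your reward
Date: Mon, 02 Mar 2020 09:00:00 +0000

Dear Customer,

Shopper member number: 0000000
Redeem your gift at http://rewards.example.net/claim
Offer expires 03/04/2020.
"""

def domain_matches(host, expected):
    # Exact domain or a true subdomain; "notamazon.com" must not pass.
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def phishing_indicators(raw, expected_domain, min_days=30):
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    # 1. The address the message actually comes from.
    _, addr = parseaddr(msg.get("From", ""))
    if not domain_matches(addr.rpartition("@")[2], expected_domain):
        findings.append("sender-domain")
    # 2. Generic greeting instead of the account holder's name.
    if re.search(r"^\s*dear (customer|user|member|sir|madam)\b", body, re.I | re.M):
        findings.append("generic-greeting")
    # 3. Links that lead somewhere other than the company's own domain.
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s<>]+", body)]
    if any(not domain_matches(h, expected_domain) for h in hosts):
        findings.append("off-domain-link")
    # 4. Expiration date unusually close to the send date (MM/DD/YYYY assumed).
    m = re.search(r"expires?\s+(\d{2}/\d{2}/\d{4})", body, re.I)
    if m and msg["Date"]:
        sent = parsedate_to_datetime(msg["Date"])
        expiry = datetime.strptime(m.group(1), "%m/%d/%Y").replace(tzinfo=sent.tzinfo)
        if expiry - sent < timedelta(days=min_days):
            findings.append("short-expiry")
    return findings

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "amazon.com"))
```

A message that trips none of these checks is not proven safe; the checks only surface the warning signs listed above for a person to review.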
If you are unsure whether the email is valid or a phishing email, do not respond to the email and do not click any of the links. Locate a phone number or a known email for the company and reach out to them. Explain that you got an email and you were unsure if it was valid. In this case, I would call Amazon customer service to find out the truth.
If you believe an email is a phishing email, you should report the email via your email provider. If it is a work email, you should also alert your IT department. You can also report an email to the FTC at ftc.gov/complaint.
If you believe that a scammer did get some of your personal information, visit IdentityTheft.gov and follow the specific steps based on what information you think was lost. If you clicked a link or opened an attachment, make sure to update your computer’s security software and then scan for any viruses.
Even when you pay the most attention and get good at spotting phishing emails, sometimes the scammers still get you. They are very good at changing their tactics and making their fake emails look as real as possible. It is important to protect your computer before ever receiving the phishing email. Here are four steps that can help:
- Protect your computer through security software.
- Protect your mobile device by setting up your software to update automatically.
- Protect your accounts by using multifactor authentication.
- Protect your data by backing it up.
Remember, when in doubt, just call the company or email a known address directly. If your information does need updating or you did win a prize, the person on the phone or at the email address you contact will be able to help you, and you will know that you are not being scammed. Protect your computer, accounts, and data by taking preventive measures. Lastly, do not open suspicious emails if you are unsure about them. Report them to the appropriate sources and delete them.