One of the most popular ways to get your information is to simply ask you for it. It’s true. These phishing attacks are becoming more and more clever and convincing every day. Knowing what to watch for is essential in making sure you protect yourself, your data, and your finances!
Attacks can happen over your email, a text message or even the phone. No matter the battlefront though, there are always some telltale signs that the request is NOT legit.
It’s an emergency
One thing attackers use to try and trick unsuspecting folks is a sense of urgency. They will tell you something is extremely wrong or your help is needed right away. The attackers try to trigger your fight or flight response hoping that you will act before you think. Some of these tactics include telling you that you have already been hacked.
A recent phishing scam told Apple users that their Apple ID had been locked for security reasons. In order to unlock their ID, they needed to click the link! Once you click the link, the attackers ask for your Apple ID and password. People enter the information thinking it is Apple’s website (because it looks like it is).
The best way to protect yourself from this type of phishing attack is to never react before you think when you get an urgent email, phone call or text. Take a few deep breaths first, and try to think if that particular company would contact you in that manner.
English or wording is a little off
I recently got a text message from “FedEx”. Unfortunately for the attackers, I get texts from FedEx all the time, and they don’t look anything like what was sent.
This is what FedEx usually sends me
And this is what the phishing text looked like
There are a few glaringly obvious things about the fake FedEx text. First… I know I get a lot of packages, but even then I don’t think FedEx considers me their mate. Maybe I just don’t put out enough goodies for the delivery driver?
The second problem with the text is that FedEx’s branding has a capital F and a capital E. They would not stray from their branding by putting the whole name in caps.
The grammar is also a bit off. There should be a period after “waiting for you” and a capital T on “To set delivery preferences”.
Finally, the URL in the legit text clearly states fedex.com, while the URL in the fake text is a bunch of garbage. However, don’t trust a URL just because it SAYS it’s the correct one. This is just one of the many problems with the fake text.
It’s asking for things that seem strange
Another big red flag when trying to spot a phishing message is if it is asking for things that seem strange. One type of message I see people falling for a LOT is a message that appears to be sent from their boss or someone else they know.
The attacker, pretending to be someone you know, asks you for a favor. Once you engage with the attacker they ask you to go purchase a gift card and send them a photo of the numbers. At that point it should be fairly clear that the message isn’t coming from the person you know.
Someone you know would ask you to send them Venmo, or something else. They certainly wouldn’t need a gift card. One attacker, claiming to be my boss, asked me to go get 2 $500 gift cards to Hotels.com. There would be absolutely no need for my boss to have those gift cards. It most certainly was a scam.
Now that you understand some of the signs of a phishing attack, there are a few ways to protect yourself!
2FA or Two-Factor Authentication makes you use something you know (usually a password) and something you have (usually your phone) in order to gain access to your account. Using this system, even if an attacker gets your password because you accidentally gave it to them, they still won’t be able to access your account.
Some attackers are pretty clever with this and will set up their system to ask you for your 2FA code as well. NEVER tell someone your code over the phone, and make sure to only enter your code on the correct websites.
Make sure you are on the right website
Attackers have gotten very good at making their fake site look a lot like the original. The only thing they can’t fake though is the address at the top of the browser. When you look in the address bar, it should have the company name right next to the .com. For example, fedex.com would be legit. If it says something like fedex.deliverysystem.com, it is NOT legit. Anyone can put any words in front of the real domain name. So make sure whatever is right next to the domain extension (i.e. .com) is the correct name.
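The same check can be written out as code. This is an added example, not part of the original post: it pulls out the name sitting right next to the domain extension and compares it to the site you expected. The function names and the small MULTI_LABEL_SUFFIXES set are made up for illustration; a real tool would load the full Public Suffix List instead.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (assumption for this example only).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url):
    """Return the name right next to the domain extension, e.g. 'fedex.com'."""
    # .hostname drops the scheme, credentials and port, and lowercases the host.
    host = urlsplit(url).hostname
    if not host:
        return None  # no scheme or no host: nothing we can vouch for
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        return None
    # Extensions such as .co.uk are two labels long, so keep three labels there.
    two_part = ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    keep = 3 if two_part and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def is_expected_site(url, expected):
    """True only when the link's real domain is exactly the expected one."""
    return registrable_domain(url) == expected.lower()


# Constructed sample links, using the two names from the paragraph above.
SAMPLES = [
    "https://www.fedex.com/track",
    "https://FedEx.com:443/",
    "https://fedex.deliverysystem.com/login",
    "https://fedex.com.deliverysystem.co.uk/x",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "legit" if is_expected_site(link, "fedex.com") else "NOT legit"
        print(f"{link} -> {registrable_domain(link)} ({verdict})")
```

Words placed in front of the real domain never change the result, which is why the two deliverysystem links fail even though they contain "fedex".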
Never click a link in an email
If the email sounds a little phishy, never ever click the link provided. Open up a web browser, and go directly to the company’s website. If you are able to log in, and there are no messages telling you something is wrong with your account, you should be just fine.
Google the message
If you are still on the fence on whether or not the message is legit, copy some of the text of the message and paste it into a Google search. You should be able to find some more information about the message.
The biggest thing to help protect yourself from being caught by a phishing attack is to step back and take some deep breaths before you react. Once your head is thinking clearly, you should be able to judge the validity of the message. 9/10 it’s going to be a phishing message.
Now that you have learned to protect yourself, teach your kids to do the same!