Phishing is a social engineering method used to trick you into giving out personal information (ex: passwords & social security numbers).
Example: You receive an email from a trusted person or company saying to change your password. The message will want you to click on a link. The link will take you to a malicious website that looks like a real site. If you enter your username & password here, you’ve just given the hackers your information.
The email may also have an attachment file that they urge you to open, it will usually have a virus or malware.
Never open links (or attachments) in emails. Always go directly to a website by entering the address in your web browser.
5 Easy Ways To Identify Phishing Emails
1. Who is the email from?
Verify the FROM address in the email looks correct. With most spam/phishing emails you will find that the email address shows some unknown address.
2. How they address you in the email
Since the scammers don’t know who you are, they will use your email address to address you. This is an easy check at the top of the email message. Examples below.
Hi, Hi firstname.lastname@example.org, Hi username,
3. Links can go to malicious sites
First off, never click on links in emails.
Links you see in an email or webpage can take you anywhere. They don’t have to match the text you see.
Example: Hover your mouse over the URL (don’t click) for the Google link below. In the bottom left corner of your web browser, you will see where it will really take you.
For example https://www.google.com/
4. Spelling & grammar mistakes
Scammers are dumb and lazy. They copy and paste messages without checking or they don’t know proper English. You will typically find mistakes in scam emails.
5. Cryptic message
Spam filters will block some of the spam emails, so these scammers try to alter the email message to bypass the filtering. They will use extra spaces between letters and words. Use numbers and symbols in place of letters. Like He11o or H e l l o
Always use caution when opening emails. Expect the unexpected. Suspect all emails are bad.
Also, emails are not the only way phishing happens. It can be in the form of text messages, phone calls, social media messaging (Facebook, Twitter, Instagram, etc..). The same principles apply, just be safe out there.