Phishing Scams And The Simple Ways You Can Protect Yourself

Find out everything you need to know about phishing and how you can protect yourself.

Just like we install locks in our houses to ensure security from outside threats, we need to ensure that we are protected from online threats when browsing. Cybersecurity is all about providing this protection to users against attackers and adversaries. Attackers seek to extract the security, financial, and other personal details of users to rob them of their money and identity. Today, both cybersecurity personnel and cybercriminals quickly adopt advanced technologies. And these cybercrimes mostly take shape through skilfully perpetrated phishing scams.

 


What Are Phishing Scams/Emails?

Phishing scams or emails are fraudulent emails that impersonate banks, tax authorities, online payment portals, shopping sites, etc. They look exactly like real emails from the actual source. These emails have catchy subject lines that instill a sense of urgency in the victim. Subject lines like “Your payment for Order ID 4579012 is due”, “Your order has been shipped” or “Tax invoice for the financial year 2017-18” always have a magical impact on people. Even if people are aware that they didn’t order anything recently, they still become curious and open these emails. And sometimes it happens that people are awaiting their tax returns when they receive such messages. And they simply cannot wait, think, or analyze before opening those emails.

Our first and most basic warning is always the same: DO NOT OPEN THE EMAIL! But then again, how do we know if it’s indeed a fake one if we don’t even open it? Phishing scams are skillfully crafted to get past the keen sense of observation that you might develop over time. However, there are several other ways to identify an email as fraudulent once you have opened it.

 

What Are The Forms Of Phishing Emails?

The primary motive of attackers when sending phishing emails is to lead the victim to a fake or “spoof” website to rob the victim of his or her private or sensitive data. The emails used in phishing scams appear very genuine, but the page they lead to shows a suspicious URL in the web address bar.

Phishing scams that make use of fraudulent emails can impersonate a wide range of platforms. Following is a list of the most popular ones used by attackers to lure people into following their lead:

PayPal

Attackers have often used the brand name of PayPal to carry out their phishing scams. But what you must remember here is that PayPal never sends users emails with links to solve whatever problem may arise in the user’s account.

In case such an email does reach you, and you are suspicious, you shouldn’t open that email. Delete it, and report it to PayPal at this address: spoof@paypal.com

Banks

Banks are a common and popular facade used by adversaries. This is so because they present one of the most natural and most credible means of disguise that ensures easy money into their accounts. Cybercriminals create malware or password-cracking apps and share or sell them to others for quick monetary gain.

In case such a bank-related fraudulent email makes it to your inbox, be on your guard and make sure not to fall prey. Do not, under any circumstances, enter your credentials, for that would mean ultimate doom for you. There are companies like Infosec IQ that provide knowledge about safety and security from these phishing scams. Individuals and companies should incorporate email security services into their systems to be better prepared to face a phishing attack.

 


 

iTunes

Another way that attackers try to get into your system or get details out of your system is via the iTunes Store, App Store, iBooks Store, etc. They send you emails informing you of some purchase that you made (or did not actually make). If unsure, you can cross-check it in your app history.

But if you still feel vulnerable, or even if you have a speck of doubt about the authenticity of the email, then you should immediately report it to this address: reportphishing@apple.com.

Google Play Store

Many people have complained about receiving an email from an address that looks like support@googleplaystore.com and hence thinking it to be credible. The email informs them of the purchase of an Android app they made from the Google Play Store. Out of sheer curiosity, and owing to how genuine these emails appear, they fall into the attacker’s trap and end up losing vital sensitive data.

UPS

United Parcel Service is also a significant medium via which fraudsters con users. These emails that appear to be genuine ones sent by UPS are one of the key reasons why US residents fall prey to phishing scams. In case such an email reaches you, and you have doubts about it, you can forward it to this address: fraud@ups.com. You can rest assured that UPS will take it up from there and get back to you with a proper report of whether it was a fake or a genuine email.

 

How To Avoid Phishing Scams?

The bad guys out there are always on the lookout for innocent people who believe their impersonated emails to be valid. But as conscious and vigilant users of the web, everyone has to ensure that they stay protected from these evil attempts of adversaries with the help of an email security service. Here are a few ways to minimize the loss caused by phishing scams:

  • Never click on links: No matter how curious you are to find details about the unusual email that has reached your inbox, never open it or click on the attached links. You must know that companies seldom attach links to log in to their site. You must always log in by typing out the URL yourself instead of choosing the lazy way of clicking on the link given in the email.
  • Do not enter information: Even if you open an email or a link, make sure not to enter any personal details. Do not, at any cost, input any of your credentials such as bank details, passwords, or security codes.
  • Hover mouse over URL: This is an old technique, and many people believe that this is ineffective. But if you are a keen observer and want to know the end source of an email, then you can try hovering the cursor over the URL attached to the email. You can usually see whether the link leads to the official website.

 

Final Words

Phishing is the most effective means for cyber adversaries to lure innocent, oblivious, and unsuspecting users. The highly sophisticated phishing methods make targets believe that the email in their inbox that claims to be from so-and-so is genuine. They also think that they need to make an immediate payment, failing which they would suffer severe damage to their data or accounts. This technique of instilling fear in the minds of users works swiftly nine out of ten times. Users click on the links in the emails reflexively and go on to enter sensitive data such as their username, password, security code, credit card details, etc. The result of this is nothing but financial losses and identity theft for individuals, and reputational losses for organizations.
