Phishing scams are one of the most common cybercrimes, and they aren’t showing signs of slowing down. Cybercriminals go to great lengths to make their scams look authentic, and artificial intelligence is bound to bring up more challenges as it starts to roll out more broadly.
It isn’t always easy to detect phishing scams, according to the cybersecurity experts at ESET. Here, they share the red flags and how to avoid phishing scams.
What is a phishing scam?
There are many types of phishing scams, but generally a phishing scam is a fraudulent email or site that attempts to trick the receiver into handing over sensitive information and/or aims to infect their device with malware. Also known as “social engineering attacks,” the scams appear to be sent from reputable, legitimate sources (like banks, utility companies or online payment systems), with familiar logos and content. The scam might be activated if you click on a link or attachment within the message, or if you simply open it.
5 ways to spot phishing scam emails
Suspicious emails and sites often have similar features. These are the biggest red flags to look out for.
#1 It requests personal information
As a golden rule, trustworthy companies won’t ask you to confirm any personal or sensitive information over email. Think: passwords, login information, tax file numbers, bank account or credit card details. Legitimate companies have cybersecurity measures in place to protect your data. If they need to communicate with you or alert you to an issue, they’ll use a secure platform that requires a few steps to log in. For example, banks and other financial institutions typically only send messages via their online portals, and in most cases you’ll need to provide multiple credentials to sign in — like a username, password, one-time code or fingerprint.
In these situations, don’t reply to the message. Instead, contact the sender another way to confirm whether they sent the email and if not, report it to their IT department.
#2 It tries to get you to take action
Panic is the cornerstone of phishing scams. Cybercriminals tend to prey on emotions like fear or anxiety to encourage their victims to respond to the scams. And they’re often successful — email scams spiked during the pandemic when people around the world were dealing with uncertainty. Some phishing scams also make you think you’re doing something wrong. For example, you might get an email saying there’s a problem processing a payment, and you need to verify your banking information. Scams usually have a sense of urgency attached to them, and receiving an email about an account in poor standing might catch your attention.
Chances are, you’ve been exposed to a scam with one of these themes:
- Your account’s on hold because of a billing problem.
- You need to update your payment details to continue using a service.
- You must click on this link to make a payment.
- You’ve won a competition.
- You need to confirm personal or financial information ASAP.
- You’re eligible for a refund or rebate.
- Your account is compromised.
- There’s suspicious activity on your account.
Those are just a few of the themes that can help you recognise a phishing email. Phishing scams are becoming more widespread and creative, so we can expect that list to get longer each year.
#3 The message is riddled with errors
Poorly written or grammatically incorrect messages are giveaways of a scam. If you notice typos, spelling mistakes, strange punctuation or odd turns of phrase, proceed with caution. Most legitimate companies lean on professional writers and editors to craft their content and check it for spelling and syntax. Well-written content inspires consumer confidence and trust and helps to reinforce a company’s brand, so it’s highly unlikely you’d receive an email full of errors from a reliable company.
That being said, artificial intelligence (AI) has the potential to shake up cybercrime. Language-based AI systems like ChatGPT can create convincing, articulate copy in seconds, and we predict cybercriminals will be relying on AI for phishing scams in the future.
#4 The email address has a different domain name
Scammers often create new email addresses for their work. If you receive a suspicious email, hover over the sender’s address to make sure it matches other communications from that person or company. Most businesses use simple email addresses with employees’ first and/or last names, and many buy their domain names and issue email addresses based on those. This means their emails come from an address ending in @companyname.com, rather than @outlook.com, @gmail.com and so on.
You also want to check whether the email contains numbers or special characters. For example, you may have gotten emails in the past from [email protected], so an email from [email protected] might be suspicious.
#5 It has unsolicited links or attachments
It’s unusual for a legitimate company to include a lot of links or attachments in their communications. Again, they would be more likely to send you to a secure portal to access or download that kind of information. It’s especially rare for a company to send an email like that out of the blue.
If you receive an email with an unexpected attachment, it could contain a malicious URL or a “trojan,” a malicious file disguised as a legitimate one that installs a virus or other malware on your computer or network. Avoid clicking on it, and scan it using antivirus software first. It’s a good idea to get into the habit of doing this with all attachments, even if you think they’re genuine. Email spam filters keep many scams out of your inbox, but they’re not perfect. ESET’s Mail Security strengthens the security of your inbox by providing anti-spam, anti-phishing and anti-malware protection. It also combines machine learning and big data to respond to known and new threats in real time to keep your data safe and secure. Mail Security is a key feature of ESET Protect Mail Plus, ESET Protect Complete and ESET Cloud Office Security.
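You can also keep an eye out for suspicious file types, like .exe, .scr and .zip. As for links, hover over them and check whether the URLs begin with https:// — the “s” stands for “secure,” which means you’re accessing the site with the help of Secure Sockets Layer (SSL) technology. Keep in mind that https:// only shows that the connection is encrypted; scam sites can use it too, so also check that the domain in the link is the one you expect.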
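The red flags above can also be checked automatically when triaging a reported message. The script below is an added example, not ESET's code or part of the original article; the phrase lists, the 0.8 similarity threshold, the `red_flags` function name and the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".zip")  # file types the article names
URGENT = ("on hold", "asap", "compromised", "suspicious activity", "refund")
ASKS_FOR = ("password", "credit card", "bank account", "tax file number")

def red_flags(raw, expected_domain):
    """Return the article's red flags found in one raw email message."""
    msg, flags = message_from_string(raw), []
    local, _, domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")
    if domain != expected_domain:  # flag #4: different or lookalike domain
        close = SequenceMatcher(None, domain, expected_domain).ratio() > 0.8
        flags.append("lookalike sender domain" if close else "unexpected sender domain")
    if re.search(r"\d", local):  # flag #4: numbers in the sender address
        flags.append("digits in sender address")
    text = msg.get("Subject", "").lower()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):  # flag #5: suspicious attachment type
            flags.append("risky attachment: " + name)
        elif part.get_content_type() == "text/plain" and not name:
            text += "\n" + part.get_payload(decode=True).decode("utf-8", "replace").lower()
    if any(p in text for p in URGENT):  # flag #2: pressure to act
        flags.append("urgent call to action")
    if any(p in text for p in ASKS_FOR):  # flag #1: asks for sensitive data
        flags.append("requests personal information")
    if re.search(r"http://\S+", text):  # flag #5: link that is not https
        flags.append("link without https")
    return flags

# Constructed sample message; all names and domains are made up.
SAMPLE = """From: Example Bank <billing2024@examp1ebank.example>
Subject: Your account is on hold
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

Confirm your password ASAP: http://examp1ebank.example/verify
--b
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b--
"""
print(red_flags(SAMPLE, "examplebank.example"))
```

An empty result does not prove a message is safe; the checks only cover the five signs listed here.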
Protect yourself against phishing scams
Along with training your eye to spot phishing scams, you can protect yourself by investing in high-quality antivirus software. The best security software offers a multilayered defence against a range of cyberthreats, including phishing, malware, ransomware and identity theft. Most premium software can be installed on multiple devices under one licence, which means you can protect your desktop, laptop and smartphone without spending additio