What Exactly is a Phishing Scam?
Phishing is the act of sending an e-mail that falsely claims to be from a company or person in order to coerce the recipient into sharing private information that can be used for identity theft.
Most commonly, the e-mail directs the user to visit a website where they are asked to log in or update personal information such as a password, credit card number, social security number, or bank account number. The website is bogus and will capture and steal any information that is entered on the web page.
Examples of Phishing Scams
There are many examples of phishing scams. eBay and PayPal are both websites that are popular for phishing. An important rule of thumb: if you receive an e-mail from eBay asking for information, forward it to firstname.lastname@example.org and they will let you know whether it is a spoof e-mail or not.
Warning Signs of a Phishing E-mail
1: The message contains a mismatched URL
Typically you can hover your mouse over the URL and it will display the actual hyperlinked address (in Outlook). If that address is different from the one being displayed to you, chances are it’s fraudulent and malicious. Ignore any e-mails with a mismatch like this.
2: URLs contain a misleading domain name
It’s important to know how domain names work. info.cyndrtec.com is a child domain (info) of cyndrtec.com. Conversely, a link to cyndrtec.ransomware.com belongs to ransomware.com, not cyndrtec.com.
3: The message contains poor spelling and grammar
This one is a dead giveaway. When a company sends out a message on its own behalf, the message is usually reviewed for spelling, grammar, and legality, among other things. If it has spelling mistakes, it probably didn’t come from the company itself.
4: The message asks for personal information
No matter how official it may look, it’s always a bad sign if a message asks for personal information. Companies typically don’t ask for personal information through e-mail.
5: The offer seems too good to be true
If something seems too good to be true, it probably is. That holds true for e-mail messages. Such offers are almost always a scam.
6: You didn’t initiate the action
You get an e-mail message informing you that you won the lottery!! Problem is, you didn’t purchase a lottery ticket. Ignore any e-mails claiming you’ve won money, a prize, or a trust.
7: You are asked to send money to cover expenses
Phishing e-mails usually ask for money at some point during the process. If this happens, it’s a scam.
8: The message makes unrealistic threats
Some phishing scams will try to trick you into giving up cash by intimidation. This is an attempt to scare you into giving up your information. If they are claiming to send lawyers, file a police report, or anything else, be sure to get a second opinion on those claims.
9: The message looks like it’s from a government agency
Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they’ll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.
I can’t tell you how government agencies work outside the United States. But here, government agencies don’t normally use email as an initial point of contact. That isn’t to say that law enforcement and other government agencies don’t use email. However, law enforcement agencies follow certain protocols. They don’t engage in email-based extortion—at least, not in my experience.
It’s important to keep in mind all of the above signs of a phishing scam. Once scammers gain access to your personal information, it’s very difficult to clean up later.