How to Recognize and Evade Phishing Scams

Written by: Spencer Weis, Key Account Manager & Systems Administrator at Wright Way 

Phishing is the act of tricking a user into revealing their personal information or installing malware on their device. Like fishing for sport, phishing attackers use phone calls, emails, and fake websites to mirror legitimate ones as bait to lure users into a false sense of security and ‘hook’ their information for malicious use.

What to look for

Phishing attacks are constantly evolving and are most commonly implemented via email or pop-ups. Phishing emails are designed to mimic real emails with the intent of causing the user to panic and look to the scammer for help. When determining whether an email is legitimate, there are three main things to look for:

  1. Sender address
  2. Urgent action/phone number
  3. Bad spelling or grammar

Sender Address

The most obvious way to tell whether an email is a scam is to look at the sender's email address. When receiving emails from people you know, always verify that the email is coming from the correct address. More advanced phishing attacks will try to match the email address as closely as possible to the business address they are trying to impersonate (e.g., ‘supp0rt@wrightwaycomputers.com’ instead of ‘support@wrightwaycomputers.com’). Scammers can even make a fraudulent email display a fake sender address, so it is important to inspect the full message headers to see the address it was actually sent from.

Email addresses ending in @gmail.com, @outlook.com, @hotmail.com, and @yahoo.com are personal email domains and are free for anyone to use. This means that if someone sends an email from a personal account claiming to be a business, it is likely a scam. Legitimate businesses usually use a custom domain (e.g., @wrightwaycomputers.com) so that recipients can be confident their emails are genuine. For more examples of personal email domains, see What are the most common email domains? | Go Sitebuilder.

Urgent Action/Phone Number

Scammers’ number one tactic when phishing for information is to create panic, which they do by using messages like “URGENT: ACTION REQUIRED,” or a loud, annoying, repetitive sound to create urgency. By doing this, a phisher can effectively “shut off” the logic part of the victim’s brain. Scam emails will often provide a phone number to call, where they will then take advantage of the user’s trust to manipulate them into believing they are there to help.

Never call the phone number provided in an email or pop-up without verifying that it is a valid business number. If there is legitimate concern about an account, contact that business by other means. For example, if it is a credit card, use the phone number printed on the back of the credit card. If it’s a local bank, go to the bank in person. DO NOT use Google to look up phone numbers: another phishing tactic is to create fake websites or fake phone directory entries. For example, email services like Gmail and Hotmail do not offer any tech support for their free services, and big companies such as Microsoft or Google do not have support phone numbers, yet many websites claim to provide them.
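As an added example that is not part of the original article, the following Python script applies the sender-address checks from the previous section and the urgent-language and phone-number signs from this one to a From: header, subject and body. The known addresses, trusted domain, sign-word list and sample messages are constructed assumptions, and the header parsing is deliberately simplified.

```python
import re

# Constructed example data, not from the article: addresses this organisation already writes to and the domain it trusts.
KNOWN_ADDRESSES = {"support@wrightwaycomputers.com"}
TRUSTED_DOMAINS = {"wrightwaycomputers.com"}
# Free personal email providers named in the article.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
# Digit-for-letter swaps commonly used to build a lookalike address (assumed list).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
URGENT = re.compile(r"\b(urgent|action required|immediately|suspended|within 24 hours)\b", re.I)
PHONE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")

def normalize(text: str) -> str:
    """Undo lookalike substitutions so 'supp0rt' compares equal to 'support'."""
    return text.lower().translate(LOOKALIKES)

def split_header(from_header: str) -> tuple[str, str]:
    """Simplified From: parsing: 'Name <addr>' -> (name, addr); a bare address -> ('', addr)."""
    m = re.fullmatch(r'\s*"?(.*?)"?\s*<([^>]+)>\s*', from_header)
    if m:
        return m.group(1), m.group(2).strip().lower()
    return "", from_header.strip().lower()

def check_sender(from_header: str) -> list[str]:
    """Return the warning signs found in a From: header (empty list = none found)."""
    name, addr = split_header(from_header)
    domain = addr.partition("@")[2]
    warnings = []
    # A display name that is itself an address at another domain hides the real sender.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr:
        warnings.append(f"display name shows {shown.group(0)} but mail is from {addr}")
    if domain in FREEMAIL_DOMAINS:
        warnings.append(f"personal email domain {domain}")
    if addr not in KNOWN_ADDRESSES and normalize(addr) in KNOWN_ADDRESSES:
        warnings.append(f"lookalike of a known address: {addr}")
    elif domain not in TRUSTED_DOMAINS and normalize(domain) in TRUSTED_DOMAINS:
        warnings.append(f"lookalike of a trusted domain: {domain}")
    return warnings

def check_message(from_header: str, subject: str, body: str) -> list[str]:
    """Combine the sender, urgent-language and call-this-number checks into one list."""
    warnings = check_sender(from_header)
    text = subject + "\n" + body
    phrases = sorted({m.lower() for m in URGENT.findall(text)})
    if phrases:
        warnings.append("urgent language: " + ", ".join(phrases))
    if phones := PHONE.findall(text):
        warnings.append("asks you to call: " + ", ".join(phones))
    return warnings
```

An empty list means none of the article's three signs were found; it does not prove the message is genuine, so the other verification steps still apply.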

Bad Spelling or Grammar

It is important to know that phishing attacks can also be launched from genuine email accounts, especially if the person/business falls victim to a scam themselves. Be on the lookout for spelling mistakes, grammatical errors, or other changes in email etiquette when coming from known addresses.

If an email seems ‘phishy,’ get confirmation from the sender via another method (phone, in-person, etc.) before entering any passwords or personal information.

How to Prevent Phishing Attacks

  • Understand the Telltale Signs: There are many different things to look for when determining whether an email is a scam or not. Sender address, emails demanding urgent action or providing a phone number, and bad spelling or grammar are some of the more prevalent signs, but scammers are constantly expanding their phishing tactics to find new ways to gain access to users’ information. For a list of additional common signs of phishing, here is a useful resource with more information: How To Spot Phishing Emails | Cofense Email Security.
  • Software/filters: Companies offer various software that can filter or detect scams before they appear in a user’s inbox. Some products can also simulate phishing emails to train users on what to look for and give IT departments insight into which users may need more training when it comes to identifying phishing emails.
  • Remain calm: Scammers want you to panic. It gives them the upper hand and allows them to play the role of ‘hero’. By staying calm and evaluating the situation properly and with a cool head, a user can effectively defend against scammers’ ability to manipulate them.
  • Call Wright Way: If you ever have any doubts or want to verify the legitimacy of an email/pop-up, call Wright Way before you take any action. We are here to help you recognize scams before it’s too late and will investigate any pop-ups or emails that seem questionable.

Interested in learning more?

Check out these links for more information on phishing:

  1. “PHISHING ATTACK FOR INTERNET BANKING (E-BANKING)” by ilker Kara (erau.edu)
  2. Frontiers | Phishing Attacks: A Recent Comprehensive Study and a New Anatomy (frontiersin.org)
