Phishing email scams generally fall into one of these categories:
- Traditional phishing attack
The traditional phishing attack casts a wide net and attempts to trick as many people as possible. A classic example of this is the Nigerian prince advance-fee scam.
- Spear phishing
Spear phishing attacks are designed to target a specific individual or small group of individuals. For example, a spear phishing attack may use information about a particular restaurant or small business to target one or more employees at that business. Or it could look like an email from a friend.
- Whaling
Whaling attacks, which have become increasingly popular in recent years, are targeted at high-profile victims like C-level executives and their teams. A typical whaling email may look like it was sent from the CEO of your company. But it’s really a fake designed to get you to share valuable information about the company.
Protect yourself from phishing scams
Phishing emails may be more difficult to identify these days, but there are some important steps you can take to avoid becoming a victim. If you answer ‘yes’ to any of the questions below, there’s a very good chance that you’re looking at a phishing email.
1. Does the message ask for personal information?
Always remember that reputable businesses do not ask for personal information – such as social security and credit card numbers – via email.
2. Does the offer seem too good to be real?
If it seems too good to be true, it’s a fake. Beware of emails offering big rewards – vacations, cash prizes, etc. – for little effort.
3. Does the salutation look odd?
Reputable companies will use your name in the salutation – as opposed to “valued customer” or “to whom it may concern.”
4. Does the email have mismatched URLs?
If you receive an email from an organization and it contains a link, hover your mouse over the link without clicking and you should see the full URL appear. If the URL does not include the organization’s exact name, or if it looks suspicious in any other way, delete the email because it’s probably a phishing email. Also, you should only visit websites that begin with ‘https’ because the ‘s’ at the end indicates that the connection to the site is encrypted. Websites that begin with ‘http’ are not as secure.
5. Does it give you a suspicious feeling?
Trust your instincts when it comes to email. If you catch yourself wondering whether it’s legitimate, and your instinct is to ignore and delete it—then pay attention to that gut check.