Skip to main content

How to Spot a Phishing Email

At Phone Medics Plus, we’re committed to helping you keep yourself safe as you experience all the awesome things the internet has to offer. In previous posts we’ve talked about how to avoid getting malware and what to do if you think your computer has become infected. Today we’re going to change gears a little and talk about a threat that doesn’t typically attack your computer directly, but uses your computer as a platform for scamming you: phishing.

Not that kind of fishing.

What is Phishing?

Phishing is social engineering scam that tries to trick you into surrendering sensitive information. With a typical phishing scam you receive a legitimate-looking email that appears to be from your bank, your credit card company, PayPal, etc. The message claims there’s a problem with your account, and provides you a link so you can sign in and fix it. But when you click the link, it doesn’t take you to your bank or credit card company’s actual website. Instead it takes you to a fake website designed to look like the real thing. When you sign in on this fake website, it captures your username and password and saves them, giving the scammers access to your account. When this happens, the results can get very serious very quickly. The good news, though, is that there are a few simple steps that you can take to protect yourself.

How to Stay Safe

One of your strongest lines of defense is two-factor authentication. With two-factor authentication you provide your cell phone number, and the service you’re signing into texts you a single-use verification code when you sign in from a new computer. Because it’s so secure, two-factor authentication is being already offered by a huge number of online services, including Google, Facebook, PayPal, and most banks. With two factor authentication in place, accidentally giving out your username and password isn’t quite as scary, because when the scammers try to use it they’ll just be asked to enter an authentication code that they can’t get because they don’t have your phone.

Your second major line of defense is simple awareness: there are a few big clues that will tell you if an email you’ve received is actually a phishing scam. Simple spelling or grammatical errors in the text of the email are a dead giveaway - after all, scammers don’t hire writers to compose and proofread their emails like your bank does. The sender’s email address is another big clue. For example, if the message is really from PayPal customer service, it will be from service@paypal.com; a scam email will be from a very different email address. Also, legitimate customer service emails will nearly always include your name or username. An email addressed to “valued customer” or anything other than your name or username is likely a scam. Finally, you can check the URL of the link in the email. When you hold your mouse cursor over the link, you can see the actual address it takes you to. In a phishing email, the link will take you to an address that doesn’t match the site the email claims to be from. Going back to out PayPal example: in a legitimate PayPal email, any links will have “paypal.com” in the URL. A link in a phishing email won’t.

So, suppose you’ve gotten an email that you think might be fake - it’s from a different sender than it claims to be, there are spelling errors in the text, and the link doesn’t take you where it claims to - but you’re still worried that there might really be a problem with your account. What do you do? Well, fortunately, the answer is extremely simple: just go sign in to your account the way you normally would, instead of through the link in the email. If there’s really a problem, it will show up on your account page when you sign in. Or, if you prefer, you can also call customer service directly and ask if there’s really a problem.

What to Do if You Get Caught

Unfortunately, phishing scams can be very convincing, and almost anyone can fall prey to them. You don’t have to look very hard to find stories of high-profile executives or political figures falling prey to phishing scams, sometimes with dire consequences. So the next question is, what to do if you find yourself the victim of a phishing scam?

The first thing to do is change your password, not only for the site that was compromised, but for any other site where you use the same password. So if you realize too late that you’ve given your PayPal login to a scammer, the first step is to immediately go to PayPal’s website and change your password. If you don’t, you run the risk that the scammers will not only gain access to your account and wreak havoc with your finances, but that they’ll also change your password, making it harder to recover. The second step is to contact customer service. Most banks and credit card companies have established procedures in place for when their customers are victims of fraud, and can take steps to help you recover.

If more than just your login information to a financial website gets compromised - for example, if the scammers should manage to get hold of other sensitive information like your Social Security number and date of birth - then you might need to consider adding a fraud alert to your credit report or even freezing your credit, which will prevent new lines of credit from being opened in your name. All three of the major credit reporting bureaus - Experian, TransUnion, and Equifax - offer you the ability to freeze your credit via their online tools, and if you add a fraud alert to one of the service, it will automatically be forwarded to the other two.

At Phone Medics Plus, we’re not just committed to keeping your phone and computer running smoothly, we’re also committed to helping you keep yourself safe as you use them. Keeping yourself safe from phishing scams is one way to make sure you have the best possible experience with your technology.

Comments

Popular posts from this blog

Managing Android Data Usage

If you’ve spent much time as a smartphone owner, you know the feeling of using up your cell phone plan’s monthly data allowance before the month is over. It’s especially frustrating if you aren’t even sure exactly how it happened. Fortunately, at Phone Medics Plus, we’ve got some ways you can take control of your phone’s data usage and keep from going over your limit. In our last post we talked about some of the ways to do that on your iPhone . Today we’re going to talk about how to manage your Android device. Data Limits Android has a fantastically helpful feature for managing your data usage built right in. If you go into Settings, then tap Data Usage, Billing Cycle, and Data Limit and Billing Cycle, you’ll see a series of options to help keep you from going over your monthly allotment of data. You can put in the details of your cell phone plan - how much data you’re allowed per month, and when your billing cycle renews - and see how much data you’ve used in the current cycle. Y...

Managing iPhone Data Usage

In the early days of the iPhone, users enjoyed service plans for AT&T (and later Verizon) that promised unlimited data. Unfortunately, it was too good to last. After a few years, the carriers decided that giving smartphone users unlimited data was either technologically problematic or insufficiently profitable (there’s some debate on this point), and they began to be replaced by limited data plans. Once that happened, we had to start worrying about how much data we used, because the last thing anybody wants is to burn through their monthly allotment and start being charged by the gigabyte. With that in mind, we’re going to spend the next couple posts talking about some of the ways you can manage your cell phone’s data usage, so that you still have some data left at the end of your month. In today’s post, we’re going to talk about how to handle data usage on your iPhone. Next time we’ll cover Android. Turn Off Wi-Fi Assist When you go looking for ways to reduce your data usage,...

Parental Controls Part 2: Android

In our previous post we talked about the need to have a little control over what your kids do on their devices, and some of the best ways to implement that on the iPhone (and other Apple devices). Today we’re going to go over how to accomplish some of the same things on Android devices. Fair warning: the variability of Android devices on the market means that some features, settings, and options might not be available on your particular device. With that caveat in mind, here are some of the things you can do to keep your kids safe when using Android devices. System Settings While Android lacks an equivalent to the device restrictions settings on the iPhone, there are still some things you can do to control what your kids do on their phones. For one thing, any tablet running Android 4.3 or newer offers you the option of creating restricted profiles - separate user profiles for your kids that limit their access to certain apps, the Google Play store, etc. Phones running Android 5.0...