social media investigators

Phishing 101

While anyone with an internet connection is used to receiving unsolicited spam from unknown sources, whether through email, telephone or text, it is typically harmless. Phishing emails, however, can be quite dangerous and can come with serious consequences if not handled properly.

So, what is phishing?

Phishing goes by many aliases, including malicious software, data mining and identity theft. The word “phish” refers to a deceptive email sent with malicious intent to trick the helpless recipient into providing the scammer with access to their personal information. Scammers will use malicious software embedded in these emails to collect sensitive data, steal money or gain access to personal accounts and information.

How can you recognize these common email traps and avoid phishing scams all together? Follow these tips below and share them with your friends and family to keep your personal information safe.

Know how to recognize a phishing email.

Attackers will send emails that will have a call-to-action such as “verify your email” that will lead you to a fake website. It is here that they may trick you into surrendering your personal information under the guise of providing it for a legitimate reason to a legitimate website. Clicking on these external links may also unleash a malicious software that will take over control of your computer and download malicious code that could be detrimental long after you open the link in the first place.

A phishing email may also prompt you to download an attached file that will contain malicious software, or implore you to reply to the email itself with your sensitive information under false pretenses. These emails often look very realistic and can appear as though they are coming from a credible source. Phishing emails also often come with a sense or urgency or may try to spark emotion within you to act impulsively and without thinking. They manipulate your feelings and instill a sense of fear, greed, curiosity or even compassion.

You can validate the authenticity of the email by checking who sent the email (have they sent you emails before?), who it was sent to (a credible organization would never ask you to send personal information through a newsletter format sent to multiple people or to an “undisclosed group”) and the content of the email (is the content relevant to you? Have you received similar communications before? Is this the kind of content that this organization would send?). A scammer can also manipulate the “from” field of an email to display any name they want. Make sure to check the actual email address that the email is sent from before trusting it.

Phishing emails also leave behind other clues such as spelling errors, generic greetings (i.e. “dear valued customer” or “good day”), a tone that does not match that of the organization they are trying to mimic and branding or logos that do not match that of the organization.

What to do if you receive a phishing email.

If you are the unfortunate recipient of a phishing email, do not respond to any of the call-to-actions. Do not open any attachments or click any links. If it is seemingly from a friend or coworker, contact the individual directly. If it appears to be from an organization, double-check the email, investigate their website or contact their help desk directly. It is very important to report these emails to the person or organization that they are impersonating.

If you do find yourself the victim of malicious software or a phishing scam, fear not. Contact Investigation Hotline and one of our esteemed private investigators will help you recover from the ramifications.