Four Ways to Identify Phishing Scams

2023, January | Paul Yang
Cybersecurity Insights

Is being able to spot a scam at the top of your new year's resolution list? It should be! Avoiding common phishing scams is at the top of the list for many clients this year, so this quarter we will be diving into ways to prevent these scams and better protect you and your business. 

How to identify suspicious emails. 

Last month, we touched on email phishing scams and how they often look legitimate. With this in mind, here are a few ways to identify those suspicious emails according to Security Metrics, a global provider of data security and compliance solutions.

  • Legitimate companies will not ask for personal information. If you receive an unsolicited email from an institution that provides a link or attachment that asks for personal or sensitive information, it is a scam. Most companies WILL NOT send you an email asking for personal information as emails are often subject to hacking.

  • Legitimate companies have domain emails. If you are sent an email that is from a person you may know but the contents of the email seem suspicious, be sure to check the email address of the sender. Most scammers use emails with altered domain names. For example, an email from PayPal will come from @paypal.com, but a scammer will alter it with numbers such as @paypal07. Also watch out for emails that claim to be from a company but come from common personal domains such as @gmail.com, @yahoo.com, etc. Legitimate companies do not use personal domains.

  • Legitimate companies will address you by your name. Pay attention to how you are addressed in emails. If you notice that the introduction to the email is a simple “Hi” or “Dear customer,” it is more than likely a scam – do not respond to the email. If a company you deal with requires information from you about your account, you will be addressed by your name and they will more than likely contact you directly via phone.
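The sender-domain and greeting checks above can be expressed as a small mail-triage routine. This is an added example, not code from Security Metrics or the article's author; the brand list, free-mail list, greeting pattern, and sample messages (including the `.com` suffix on the lookalike domain) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; a real filter would maintain its own.
FREE_MAIL = {"gmail.com", "yahoo.com"}      # personal domains named in the article
BRAND_DOMAINS = {"paypal": "paypal.com"}    # brand keyword -> domain it really sends from
GENERIC_GREETING = re.compile(
    r"^(hi|hello|dear (customer|user|client|member))\s*[,!.:]?$", re.I)


def check_email(raw):
    """Return the indicators from the list above that a raw message trips."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []

    # Sender claims a brand (display name or domain) but is not on its domain.
    for brand, real in BRAND_DOMAINS.items():
        claimed = brand in display.lower() or brand in domain
        genuine = domain == real or domain.endswith("." + real)
        if claimed and not genuine:
            findings.append("personal-domain" if domain in FREE_MAIL
                            else "lookalike-domain")

    # Greeting check: first non-empty body line is only "Hi" / "Dear customer".
    body = "" if msg.is_multipart() else msg.get_payload()
    first = next((ln.strip() for ln in body.splitlines() if ln.strip()), "")
    if GENERIC_GREETING.match(first):
        findings.append("generic-greeting")
    return findings


# Constructed sample messages (not real mail).
SAMPLES = {
    "lookalike": "From: PayPal Support <service@paypal07.com>\n"
                 "Subject: Account notice\n\nDear customer,\nPlease confirm your details.\n",
    "freemail": "From: PayPal Billing <paypal.billing@gmail.com>\n"
                "Subject: Invoice\n\nHi Jordan,\nYour invoice is attached.\n",
    "genuine": "From: PayPal <service@paypal.com>\n"
               "Subject: Receipt\n\nHello Jordan Lee,\nHere is your receipt.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_email(raw))
```

An empty result means only that none of these indicators fired: the From header can be forged, so a matching domain alone does not prove a message is genuine.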

Keep an eye on financial statements

Most phishing attacks are used to gain control of your financial information, so it’s key that you keep an eye on your financial statements. Here are some of the ways scammers can access your financial information:

  • Automatic withdrawals. Automatic withdrawals are a great way to pay a monthly bill or automate your savings; however, they are also a great way for scammers to get ahold of your bank information. According to Forbes, the way this scam works is that individuals receive a phone call or postcard indicating that they’ve won a prize or qualified for a special offer. The goal is to get you to read off the numbers at the bottom of your personal checks. They often use this tactic to verify you qualify for the offer. Once the scammer has your account and bank information, they put it on a demand draft, which is processed like a check but doesn’t require a signature. Upon receiving the draft, your bank will transfer money from your account to pay the scammer. Unless you pay close attention to your daily bank transactions, you may not notice the scam until much later.

  • Government imposter scams. You receive a phone call from the imposter claiming you’ve won a prize that requires payment of taxes or fees so they can process it. The scammer may threaten to send you to prison if you don’t pay a supposed outstanding debt. The reality is that you will never receive a call from a federal agency asking for payment of any kind. Scammers may use a fake federal agency name like the National Sweepstakes Bureau or the names of real agencies, like the Federal Trade Commission (FTC). Either way, it’s a scam because this isn’t a strategy used by federal agencies to collect payments. (Forbes)

  • Charity scams. Scammers are also likely to take advantage of people’s kindness by impersonating charities. They call people asking for donations to a charity or cause. Some scammers go so far as disguising the phone number they are calling from, so it shows up as a local area code on your caller ID. You can sometimes spot charity scams by the vague claims they make and the lack of tangible ways your donations are used. Scammers also like to use fake charity names that sound like the names of legitimate charities. If you ever notice any unfamiliar charges or suspicious activity, it could be a sign that your accounts have been compromised by an attack. (Forbes)

Be wary of fake unsubscribe messages.

According to Reader’s Digest, another common phishing tactic is fake unsubscribe messages. In these scams, you may be convinced to click an “unsubscribe” button or add your information to an unsubscribe list to get rid of spam. But instead of removing you from the list, the link may take you to a malicious website or mark your address as an active account. The most common “unsubscribe” message technique is for scammers to take you to a website that looks real and ask you for more personal information. By doing this, not only is your account now marked as active, but they have information that is commonly used for security questions to get access to your bank accounts.

Only respond to known senders. 

Wire transfer phishing is becoming incredibly common with easy-to-use money transfer apps such as Zelle, Venmo, PayPal, etc. One of the most common techniques is to request the money from your account. 

“I recently downloaded Venmo and within a few days, I noticed a payment request for $500 from a person I have never met before. I didn’t accept nor decline the request, I just blocked the sender and have not seen a request like that since,” says an anonymous source. 

Incidents like this happen frequently, and unfortunately many people fall victim to them. According to the Federal Trade Commission, here are some tips on what to do if you send money to a scammer through these apps:

  • If you sent the money through a debit or credit card. Contact the company or bank that issued the credit or debit card. Tell them it was a fraudulent charge, ask them to reverse the transaction, and give you your money back.

  • If you sent a wire transfer through your bank. Contact your bank immediately and inform them of the incident. Ask your bank to recall the wire transfer. 

  • If you sent money through a money transfer app. Report the fraudulent transaction to the company behind the money transfer app and ask them to reverse the payment. If you linked the app to a credit card or debit card, report the fraud to your credit card company or bank. Ask them to reverse the charge.