How to Spot Phishing Emails

At Phone Medics + PC, we’re committed to helping you keep yourself safe as you experience all the awesome things the internet has to offer. In previous posts we’ve talked about how to avoid getting malware and what to do if you think your computer has become infected. Today we’re going to change gears a little and talk about a threat that doesn’t typically attack your computer directly, but uses your computer as a platform for scamming you: phishing.

What Is Phishing?

Phishing is social engineering scam that tries to trick you into surrendering sensitive information. With a typical phishing scam you receive a legitimate-looking email that seems to be from your bank, your credit card company, PayPal, etc. The message claims there’s a problem with your account, and provides you a link so you can sign in and fix the problem. The link takes you to a fake website designed to look like the real site, which then captures your credentials when you sign in and saves them, giving the scammers access to your account. The good news, though, is that there are a few simple steps that you can take to protect yourself.

How to Keep Yourself Safe

One of your strongest lines of defense is two-factor authentication. With two-factor authentication you provide your cell phone number, and the service you’re signing into texts you a single-use verification code when you sign in from a new computer. Because it’s so secure, two-factor authentication is being already offered by a huge number of online services, including Google, Facebook, PayPal, and most banks. With two factor authentication in place, accidentally giving out your username and password isn’t quite as scary, because when the scammers try to use it they’ll just be asked to enter an authentication code that they can’t get because they don’t have your phone.

Your second major line of defense is simple awareness: there are a few big clues that will tell you if an email you’ve received is actually a phishing scam. Simple spelling or grammatical errors in the text of the email are a dead giveaway – after all, scammers don’t hire writers to compose and proofread their emails like your bank does. The sender’s email address is another big clue. For example, if the message is really from PayPal customer service, it will be from service@paypal.com; a scam email will be from a very different email address. Also, legitimate customer service emails will nearly always include your name or username. An email addressed to “valued customer” or anything other than your name or username is likely a scam. Finally, you can check the URL of the link in the email. When you hold your mouse cursor over the link, you can see the actual address it takes you to. In a phishing email, the link will take you to an address that doesn’t match the site the email claims to be from. Going back to out PayPal example: in a legitimate PayPal email, any links will have “paypal.com” in the URL. A link in a phishing email won’t.

So, suppose you’ve gotten an email that you think might be fake – it’s from a different sender than it claims to be, there are spelling errors in the text, and the link doesn’t take you where it claims to – but you’re still worried that there might really be a problem with your account. What do you do? Well, fortunately, the answer is extremely simple: just go sign in to your account the way you normally would, instead of through the link in the email. If there’s really a problem, it will show up on your account page when you sign in. Or, if you prefer, you can also call customer service directly and ask if there’s really a problem.

What to Do if You Get Caught

Unfortunately, phishing scams can be very convincing, and almost anyone can fall prey to them. You don’t have to look very hard to find stories of high-profile executives or political figures falling prey to phishing scams, sometimes with dire consequences. So the next question is, what to do if you find yourself the victim of a phishing scam?

The first thing to do is change your password, not only for the site that was compromised, but for any other site where you use the same password. So if you realize too late that you’ve given your PayPal login to a scammer, the first step is to immediately go to PayPal’s website and change your password. If you don’t, you run the risk that the scammers will not only gain access to your account and wreak havoc with your finances, but that they’ll also change your password, making it harder to recover. The second step is to contact customer service. Most banks and credit card companies have established procedures in place for when their customers are victims of fraud, and can take steps to help you recover.

At Phone Medics + PC, we’re not just committed to keeping your phone and computer running smoothly, we’re also committed to helping you keep yourself safe as you use them. Keeping yourself safe from phishing scams is one way to make sure you have the best possible experience with your technology.