If you’ve ever opened up an email purporting to be from a known, reputable company that is full of misspellings, errors, and inconsistencies, you may have come across a popular internet scam: phishing. Improve your internet security by learning more about how this scam works and how to avoid falling victim to it.
What is phishing?
“Phishing” is a technique that usually uses authentic-looking (but fake) emails and websites to convince victims to voluntarily hand over sensitive information. The first step is an email that seems to come from a legitimate company that you do business with, like PayPal, Microsoft, or Apple. These emails typically employ a ruse to ask for information, claiming that they need to “update their records” or “fix a problem with your account.” When you click through the link, you are directed to a website that looks like the company’s legitimate site and asked to enter information like your login, password, credit card number, or other financial data. Once they have your information, the fraudsters can use it to access your account, charge your credit cards, create fake accounts with your information, or otherwise separate you from your money.
Why is it called “phishing”?
“Phishing” is a play on the word “fishing,” because the scam operators “fish” for information from their potential victims. But if you’re curious what the “ph” references, look to the early years of the internet—and then look back a few decades. In the early 1970s, John Draper figured out how to use sound frequencies to manipulate telephone lines and scam free long distance service. This phone trickery became known as “phone phreaking,” and an underground community developed (conducting meetings using free conference calls, of course). Besides stealing phone service, members of the “phreaking” community used the technology to disrupt business and generally cause mayhem. (Draper was eventually arrested and convicted of wire fraud.) The term “phishing” is a nod to these pioneers of telecommunications fraud.
How do I avoid being the victim of phishing?
The best way to avoid being a victim of phishing emails is to be vigilant about spotting them and diligent about checking the authenticity of a website before releasing any personal information. But how do you tell a scam email from an authentic email?
- Urgency. Fraudulent emails often aim to create a sense of urgency for the consumer, asking you to take immediate action. For example, one might say “If you don't respond within 48 hours, your account will be suspended.” A legitimate company will not create a false sense of urgency.
- Anonymity. Phishing emails are sent out at random by automated systems to bulk email address lists, so they are not personalized. The fraudsters generally do not know your name, so they address you in vague terms like “Dear Valued Customer,” or your name may be awkwardly inserted (addressed to “Dear Smith,” for example, when your name is John Smith).
- Quality. Fraudulent messages frequently contain poor spelling and grammar. Very large companies like Microsoft employ numerous editors and take precautions to ensure that any communications are completely error-free. If an email contains mistakes, it could be a sign that it is a fake. Look for misspelled words, poor grammar, and incomplete or awkwardly written sentences. Many of these emails originate from countries where English is spoken as a second language or not at all, or are created by automated systems.
- Intrusiveness. A phishing email will frequently ask you for your username, password, membership, or account details, or ask that you click through to a website that asks for that information. Reputable companies will never request your login password or personal information via email. A legitimate email from a business about a problem should ask you to independently navigate to their website or call their customer service directly. A good rule of thumb for increasing your internet safety is to never enter your password or provide any sensitive information whatsoever in response to an email. If you believe there might be a legitimate problem with one of your accounts, contact the company through its official email or telephone customer service portal.
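For readers who filter mail with scripts, the checklist above can be turned into a first-pass screen. The following is an added example, not code from Dymin Systems: the patterns, the function names, and the sample message are constructed for illustration, and the "Quality" sign is left out because checking spelling needs a dictionary.

```python
import re
from email import message_from_string

# Illustrative patterns for three of the warning signs above (not exhaustive).
SIGNS = {
    "urgency": re.compile(
        r"within \d+ (?:hours?|days?)|will be (?:suspended|closed|locked)", re.I),
    "anonymity": re.compile(
        r"^\s*dear (?:valued )?(?:customer|user|member)\b", re.I | re.M),
    "intrusiveness": re.compile(
        r"\b(?:password|username|credit card number|account details)\b", re.I),
}
LINK = re.compile(r"https?://([^/\s<>]+)", re.I)

# Constructed sample message (not a real email).
SAMPLE_PHISH = """\
From: "Account Services" <service@payments.example>
Subject: Problem with your account
Content-Type: text/plain; charset="utf-8"

Dear Valued Customer,

We need to update our records. If you don't respond within 48 hours,
your account will be suspended. Confirm your password here:
http://account-update.example/login
"""


def body_text(raw):
    """Return the concatenated text parts of a raw email message."""
    chunks = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_signs(raw):
    """Map each warning sign found in the message to the text that triggered it."""
    text = body_text(raw)
    found = {}
    for name, pattern in SIGNS.items():
        match = pattern.search(text)
        if match:
            found[name] = match.group(0).strip()
    # A request for credentials plus a link is the click-through pattern described above.
    hosts = sorted({h.lower() for h in LINK.findall(text)})
    if hosts and "intrusiveness" in found:
        found["click_through_hosts"] = hosts
    return found
```

A message that trips several signs deserves a manual look; an empty result does not prove a message is safe.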
At Dymin Systems, we can help you block and filter spam emails and protect your system against viruses, malware, ransomware, and other internet security threats. For more information about how managed IT services can help improve your computer security to protect your business from these ever-changing hazards, contact us online today or give us a call at (800) 811-3661. We are a full-spectrum IT services and computer repair company serving residential and business customers in the Greater Des Moines area.