There are technical ways to look at any website and email to determine what the actual links are. Phishers are sophisticated criminals and try to hide the links as best as they can, but if you carefully hover over the link(s) you might notice it’s not going to a legitimate website. Also check the reply address! The really clever criminals change one letter on an email and start engaging with you leading you into their trap.
For the less technical, here are some foundations to avoid ever being trapped into a phishing scam.
There are these things to remember:
- Do not click on any link.
- If you click on a link which takes you to a site that asks for username and password, think thrice.
- If you clicked on a linked that took you to a website that asked for username and password, and you entered, it, and you don’t trust the situation, immediately change your password. Call your bank and change those credentials too.
Another very important concept is what we call FUD, or Fear, Uncertainty, and Doubt.
Sophisticated criminals are experts at sowing fear, uncertainty, or doubt. They will say things like:
- Bank details have changed
- They might lure you over a couple of emails and then only tell you bank details have changed
- Your password has expired
- You need to do the bank transfer now
- You have to log on to update your details
- Your server has pending messages
- Your service is about to be interrupted
If you get an email that offers up and of these emotions, Fear, Uncertainty, or Doubt, then do not open it. If there is undue pressure in an email to perform an action, then take a deep breath.
Pick up the phone if someone wants you to change their bank details. Do not trust emails that asks for bank detail changes.
The final one is “if it’s too good to be true, then it isn’t”.
No, you didn’t win the lottery.
No, your distant relative didn’t leave you a million bucks.
So get on with your day and focus on the emails from trusted parties that add value to your day.
Always err on the side of caution, especially if you are not technologically literate.
If you do want to become an expert, learn to read links, and always make sure the email address is spelt 100% correctly.
Good luck! I hope you never get phished.