Phishing can be very tricky to spot if you are not careful. Not knowing how to identify phishing leaves you vulnerable to having your passwords or credit card stolen. As with anything, a little bit of practice can go a long way. Once you’ve spent a little time training yourself to spot spam texts and phishing emails, you can do it with ease.
“I know it when I see it.” - United States Supreme Court Justice Potter Stewart on obscenity in Jacobellis v. Ohio
When you’ve seen thousands of phishing texts and emails like I have, you get to the point where you know one when you see one. I’m writing this article to share some heuristics or rules of thumb that are timeless indicators of phishing.
Knowing how to spot phishing emails and texts is vital to protecting yourself from phishing attacks. Some phishing attempts are easier to catch than others. Most of them are getting really good and look almost identical to legitimate emails. Attackers are constantly evolving their techniques to make it harder to tell if the message is real or fake.
More spam texts and emails are sent every day. It is almost impossible to avoid them at this point. You can no longer step up to the plate unprepared to spot the imposters.
The good news is, there are usually some red flags that can immediately warn you of phishing. These are some basic indicators of a phishing attack but they are by no means the only signals. Phishing is always changing but the following are tried and true warning signs of phishing.
1. Grammatical Errors
Be on the lookout for spelling errors or grammatical mistakes in emails. A message from a large online company will have been reviewed many times before it is sent out, so there is only a slim chance it would contain a spelling error. Companies spend lots of money on their marketing, IT support, branding, and outbound messaging to ensure the highest quality communication. This means if there is a spelling or grammatical error, it could be an illegitimate email.
This used to be a common mistake that phishers made. However, they quickly learned from their mistakes. Most phishing emails out there no longer contain simple spelling errors and obvious giveaways.
Many phishing emails belong to large criminal organizations that profit through online scams. Phishers make half a billion dollars yearly, and continue to fine-tune their craft to churn out profit. These organizations take the same steps as companies to send out high quality messages that have been reviewed for errors. Better quality phishing emails are more successful. More successful phishing emails are more profitable for the criminals.
2. Sense of Urgency
Another sign of a scam text or email is a tone that creates a sense of urgency. Watch out for emails that try to make it seem like the sky is falling. The idea of being hacked sounds scary to most people. That’s because it is. Attackers know this and use it to their advantage. They want you to panic, but you don’t need to.
Phishing emails will prompt you to act immediately or risk losing access to your account. Try not to make a knee-jerk reaction; this is what they want you to do. They want you to be emotional and make a quick decision without slowing down to stop and think.
The email could ask you to log in immediately or lose your account forever if you wait. Scammers are trying to steal your password or credit card information. They pressure you into handing it over by making the matter seem time sensitive. The best thing to do is remain calm and look closer to tell if the email is phishing. Read it carefully and decide if what they’re asking of you makes sense. Ask yourself, ‘why would they need me to do this?’ or ‘is this something they’ve asked me to do before?’.
Take your time, take a deep breath, and try to relax. Don’t do anything irrational. If something is really wrong with your account, the company will notify you multiple times before shutting it down.
3. Non-Personal Greeting
Receiving an email with a generic greeting is a good sign of a scam. Almost every service you sign up for asks you for your name. Companies keep a record of your name attached to your account. If they are contacting you, they will use your name in the email. Companies want to show good customer service by making the interaction feel personal. So, they’re gonna skip the generic greetings in their emails and opt for something more personal. Legitimate emails will not address you as “Dear customer” or “Dear user”. Check out the non-personal greeting in the phishing email below:
The generic greeting in the example is a strong sign of phishing. A real email from a company will address you with your name. Alarms should be going off in your head if you receive an email like the one above.
4. Asking for Personal Information
Companies will not ask you for personal information over email. Never send a company your password or credit card information over email. Some phishing emails may not directly ask you for this info.
Instead, a link is included in the email asking you to log in to update your account. The link will even take you to a webpage that looks identical to the company website. The links asking you to log in are designed to steal your password by having you willingly hand it over. The realistic looking login page will harvest your password for that account. The attacker can then log into your account and even lock you out. To stay safe, never click on links asking you to log into your account.
5. Too Good to Be True
If the message has an insane offering that just sounds too good to be true, it probably is. Crazy sales and deals of a lifetime are usually fake. Avoid emails or texts offering absurd giveaways. Eventually, they will try to steal from you. The best thing to do is just ignore the message if it sounds outrageous.
If the message is from a popular brand, you can always try googling the deal to see if it is legit. Visit their website to see if they are really running the sale online. Still, make sure to avoid using the link provided in the email. You never know if it is taking you to a real or fake website.
6. Bizarre Requests
Some spam emails or texts will ask you to do things that are just bizarre. Take this one for example:
No, this is not fake; this is a real text I received the other day (filtered by the Dont Text app, of course).
They want to pay me $500 per week to put a sticker on my car? I chuckled to myself a bit when I first read this. I think the funniest part is the fake Rockstar website is a Wix website.
Why would any sane company do this? When the request in the email or text is this outrageous, it’s an obvious sign that the message is not real.
7. Use Common Sense
Phishers don’t like people who think. They want you to react without thinking. They prey on people who mindlessly hand over their password. The biggest threat to their scam is users who use common sense. Try asking yourself questions when deciding if an email is phishing. Does the request sound reasonable? Is this needed? Why was I sent this? Am I being targeted? If you are concerned by your answers, it is probably phishing.
When it comes to phishing, trust your gut. Some scams are more convincing at first by hiding their true intentions. Messages claiming you’ve won a free prize or quick ways to make money are scams. Before you act, stop and think about what you’re about to do. Overall, if a message is suspicious, ignore it.
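The warning signs from sections 2 to 5 above can be expressed as simple text checks. The following is an added example, not part of the original article: the phrase lists, the function names `red_flags` and `triage`, and the sample messages are constructed assumptions. Because these signs are not the only signals, an empty result does not mean a message is safe.

```python
import re

# Phrase lists are illustrative assumptions, not an exhaustive rule set.
CHECKS = {
    "sense_of_urgency": re.compile(
        r"\b(immediately|urgent(ly)?|act now|right away|final notice|"
        r"within \d+ hours?|will be (suspended|closed|locked|deleted))\b", re.I),
    "generic_greeting": re.compile(
        r"^\s*(dear|hello|hi)\s+(valued\s+)?(customer|user|member|client)\b",
        re.I | re.M),
    "asks_for_personal_info": re.compile(
        r"\b(password|credit card|card number|cvv|social security number)\b", re.I),
    "login_link": re.compile(
        r"\b(log ?in|sign ?in|verify|update|confirm)\b[^\n]{0,80}https?://\S+", re.I),
    "too_good_to_be_true": re.compile(
        r"\byou(?:'ve| have) won\b|\bfree (?:prize|gift)\b|"
        r"\$\d[\d,]*\s*(?:per|a|each)\s+(?:week|day)\b", re.I),
}

def red_flags(message: str) -> list[str]:
    """Return the names of the warning signs found in the message text."""
    return [name for name, pattern in CHECKS.items() if pattern.search(message)]

def triage(message: str) -> str:
    """Map the number of red flags to a coarse verdict for a human reviewer."""
    hits = len(red_flags(message))
    if hits >= 2:
        return "likely phishing"
    return "suspicious" if hits == 1 else "no red flags found"

# Constructed sample messages (not real mail); example.test is a reserved domain.
PHISH = ("Dear customer,\n"
         "Your account will be suspended within 24 hours. Log in immediately "
         "to update your password: http://example.test/login\n")
STICKER = "Earn $500 per week by putting a sticker on your car! Reply YES to start."
LEGIT = "Hi Jordan,\nYour March statement is ready. Open the app to view it.\n"

if __name__ == "__main__":
    for label, text in (("PHISH", PHISH), ("STICKER", STICKER), ("LEGIT", LEGIT)):
        print(label, triage(text), red_flags(text))
```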
Phishing Keeps Evolving
There are easy-to-identify signs of a phishing email, but these are not the only things to look for. Phishing attacks have become a lot more advanced over the years. It is uncommon for phishing attacks to contain glaring errors anymore. Attackers are good at sending fake emails that are hard to spot. Attackers create new tricks daily to make their attacks more successful. Tips that were once effective for spotting phishing may be useless in a few months. Always stay on your guard to spot new attacks as they appear.