Scammers will try to get sensitive information from you in many ways. Phishing (pronounces fishing) is a malicious attack that tries to steal your money or identity. Cybercriminals will pretend to be legitimate companies or friends in well designed fake emails. These will contain links or attachments that send you to a phishing website.
Phishing is a common type of cybercrime because it is cheap and effective. They will often send out thousands of emails in the hope that only 0.001 percent of recipients will bite. It only takes one or two responses for the phishing campaign to be successful.
The best defense for these scams is knowing what to look for and to be careful. Below are some examples of how cybercriminals will try to get your information.
The email is sent from a public domain
No large organisation will send an email from a gmail.com, hotmail.com or outlook.com domain. Look at the email address, not the sender. If it is from a generic domain, you can guarantee that it is not a legitimate company email.
The domain name is spelt incorrectly or formatted differently
Double check the domain name in the email. Phishing attacks will use a domain like microsoft-online.net or google-email.com. This is designed to lull you into a false sense of security. The email claims to be from a reputable company but the domain is incorrect. This is one of the common tricks of scammers.
The mail has poor spelling and grammar
Most phishing emails have poor spelling and grammar in the message. Large companies have well trained employees and departments to ensure any correspondence looks professional. These emails are also double checked before they are sent to clients. If an email has spelling or grammatical errors, it is a safe bet that they are attempting a scam.
It has suspicious attachments or links
Phishing emails always have a gateway. The majority of tome it will either be a link to redirect you to an infected website or an attachment you will be asked to download and open. This will then install malicious software on your computer. No legitimate companies will randomly send you links or attachments. If they do want you to download something, they will prompt you to do so from their official website.
The message demands urgent action
Many scammers try to create a sense of urgency in the email. They try to make you think that is there is not much time left to make you not crosscheck the email. Whenever you get a message calling for immediate action, take a moment and look at the message carefully. Pause for a moment and take some care before you click the link in a panic.
Email will request login credentials or other sensitive data
No legitimate company will ask for credit card details, passwords, or bank account details via email. If you are prompted to respond with any of these items, ignore it. The email will also attempt to get these credentials or details by sending you to a website where you provide this information.