Gone Phishing? Tips to Identify and Avoid Email Scams

Contributed by Jill Cacic

Your email inbox used to be filled with harmless fun: work emails, discounted travel deals, and marketing newsletters. Now, it's a breeding ground for phishing scammers looking to make your personal information their catch of the day.

Phishing is the fraudulent practice of sending emails while pretending to be someone else, in order to entice individuals to reveal personal information such as credit card details, passwords, and social security numbers. In 2018, the Internet Crime Report (IC3) stated there were 351,936 complaints related to online phishing scams with losses exceeding $2.7 billion. That is a 17% increase in reported complaints and a 90% increase in losses over 2017.

As technology improves, so do the phishing schemes, making it challenging to identify a potentially dangerous email. The subject line will look like it belongs to a legitimate email from a company you trust: your bank, favorite department store, or popular streaming service. The body of the email often cites a believable story: there has been suspicious activity on your account, you need to make a payment (complete with a fake invoice), or you have a coupon for a free month. So, what red flags should you look out for to discover a potential phishing scam?

A call to action asking you to click or download something. All phishing schemes will contain something you need to click (a link) or download (an attachment). That is the gateway for the malware to enter your system and swipe your sensitive information.

A generic greeting. With advanced email marketing platforms, most major companies are not sending out emails starting with "Hi dear."

Awkward or typo-filled text. Just glancing over the email, you notice multiple improper subject-verb agreements, and many commonly used words misspelled.

Email addresses that look just a little off, including the number "0" in place of the letter "O." Scammers will attempt to duplicate a legitimate email by making small tweaks that make it seem believable.

Your gut telling you something isn't right. You know your account is up-to-date, and Netflix never offers a digital coupon.
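
The lookalike-address red flag above can also be checked mechanically. The Python sketch below is an added example, not part of the original article; the trusted-domain list, the character-swap table, and the 0.9 similarity threshold are assumptions chosen for illustration.

```python
import difflib
from email.utils import parseaddr
from typing import Optional, Tuple

# Assumption: constructed allowlist of domains the reader really does business with.
TRUSTED_DOMAINS = {"netflix.com", "yourbank.example"}

# Assumption: common digit-for-letter swaps used to imitate a trusted name.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def skeleton(domain: str) -> str:
    """Fold lookalike characters so visually similar domains compare equal."""
    folded = domain.lower().translate(LOOKALIKES)
    return folded.replace("rn", "m").replace("vv", "w")


def check_sender(from_header: str) -> Tuple[str, Optional[str]]:
    """Classify a From: header as 'trusted', 'lookalike' or 'unknown'.

    Returns (verdict, trusted domain being imitated or None).
    """
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown", None
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    folded = skeleton(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        target = skeleton(trusted)
        # Exact match after folding: "y0urbank.example" -> "yourbank.example".
        if folded == target:
            return "lookalike", trusted
        # Near match: a doubled, dropped or swapped letter.
        if difflib.SequenceMatcher(None, folded, target).ratio() >= 0.9:
            return "lookalike", trusted
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("Your Bank <alerts@y0urbank.example>",
                   "Netflix <info@netflix.com>",
                   "Netflix <offers@netfllix.com>"):
        print(header, "->", check_sender(header))
```

The check looks only at the domain in the From: header, so a "trusted" verdict does not rule out a compromised account or a forged header.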

How can you better protect yourself from one of these phishing scams?

  1. Install anti-virus or malware software. Make sure your computer and phone are working to actively protect you against potential threats at all times.

  2. Do not click on any links in an email you're not expecting. Clicking that link gives the scammers access to your system.

  3. Call the sender and ask if they sent the email. This includes the company that sent the email. Ask the billing department if they sent a bill or customer service if there are any current email coupon offers. If you instead reply to the fraudulent or compromised account, the fraudsters will simply confirm their request for you to click the link or open the document.

  4. Use multi-factor authentication on your accounts when possible. This requires you to use two credentials to access your information: something you have (a passcode you receive via text) and something you are (fingerprint or face ID).

When it comes to phishing scams, you need to trust your gut. If something feels off, err on the side of caution. Falling victim to a phishing scam can put you at risk of identity theft and monetary loss, and can open up your business system to irreparable damage.

If you feel like you received a potential phishing attempt, forward the email to the Federal Trade Commission at spam@uce.gov and Anti-Phishing Working Group at reportphishing@apwg.org. You can also forward phishing text messages to SPAM (7726).