TL;DR: Phishing emails and texts trick you into giving up private info. Look for urgent messages, strange sender addresses, bad spelling, and suspicious links. Don’t click unknown links; instead, type website addresses yourself. Always verify requests for personal data.
As part of understanding how to avoid online scams, it’s really important to know about phishing. Phishing is a common trick used by scammers to get your personal information, like passwords or bank details, by pretending to be someone trustworthy. They often use emails or text messages that look legitimate but are actually fake. This guide is made especially simple for non-tech phone, iPad/tablet & computer users.
Understanding How Phishing Works
Phishing attempts often play on your emotions, like fear or curiosity, to get you to act quickly without thinking. Many situations involve messages claiming thereβs a problem with your account, an urgent delivery, or even a prize waiting for you. Common scenarios include emails that look like they’re from your bank, a popular online store, or even a government agency. What usually causes problems is when people click on a link in these messages without checking it first.
Key Signs of a Phishing Email
-
Unusual Sender Address
Always check the sender’s email address, not just the name. A legitimate company will use its official domain (like `[email protected]`). Phishing emails often use slightly altered addresses (e.g., `[email protected]` or `bankname.co`). On phones and tablets, you might need to tap the sender’s name to see the full address. If it looks off, it probably is.
-
Generic Greetings
Many legitimate emails from services you use will address you by name. Phishing emails often use generic greetings like “Dear Customer,” “Dear Account Holder,” or no greeting at all. This is because they send these messages to thousands of people at once.
-
Urgent or Threatening Language
Scammers want you to panic and act without thinking. They might use phrases like “Your account will be suspended,” “Immediate action required,” or “Verify your details now to avoid charges.” Legitimate organizations rarely demand immediate action without providing clear, secure ways to respond.
-
Suspicious Links or Attachments
This is a big one. Before clicking any link, hover your mouse over it (on a computer) or long-press it (on a phone/tablet) to see the actual web address. If the link shown doesn’t match the company’s official website, don’t click it. Never open unexpected attachments, as they can contain harmful software.
-
Spelling and Grammar Mistakes
Professional organizations typically have their communications proofread. Phishing emails often contain noticeable spelling errors, poor grammar, or awkward phrasing. While not always a definitive sign, it’s a strong indicator to be cautious.
-
Requests for Personal Information
Legitimate companies will rarely ask for sensitive information like your full password, PIN, or Social Security number via email or text. If they need you to update details, they’ll usually direct you to log into your account securely on their official website.
Spotting Phishing Text Messages (Smishing)
Phishing isn’t just about emails; it also happens through text messages, often called “smishing.” The same principles apply:
-
Unknown Numbers: Texts from numbers you don’t recognize, especially those that look like regular phone numbers but claim to be from a major company.
-
Links in Texts: Be extremely wary of links in text messages. They are often shortened, making it harder to see the true destination. Always assume a link in an unexpected text is suspicious.
-
Urgent Language: Similar to emails, texts might say things like “Your package is delayed, click here to reschedule” or “Fraud alert, respond immediately.”
What to Do If You Suspect Phishing
If you receive a suspicious email or text:
- Do NOT click any links or open attachments.
- Do NOT reply to the sender.
- If it claims to be from a company you use, go directly to their official website by typing the address yourself into your browser. Log in there to check for any alerts or messages. Never use a link from the suspicious message.
- Delete the message.
It’s important to develop a habit of pausing and checking before clicking. While no system is perfect, being aware of these signs significantly reduces your risk.